Blade  up 


Sun  is  set  to  roll  out  a  blade  and  low-end  server, 


storage  arrays  and  enhancements  to  its  higbend  boxes.  PAGE  8. 


Changes  afoot  at  Sprint? 

Speculation  swirls  that  CEO  William  Esrey  will  step  down.  PAGE  10. 


Next  ‘Slammer' 
could  be  worse 


■  BY  ELLEN  MESSMER 

As  cleanup  of  the  MS-SQL  Slam¬ 
mer  worm  continued  last  week, 
talk  among  security  experts  cen¬ 
tered  on  two  facets  of  the  attack 
that  might  portend 
greater  trouble:  the 
remarkable  speed 
with  which 

Slammer  spread. 


and  the  idea  that  future  versions 
might  carry  a  nefarious  payload. 

Experts  fear  future  variations 
could  wipe  out  files  or  worse. 

“It  could  delete  [a]  whole  data¬ 
base,”  says  Ed  Skoudis,vice  presi¬ 
dent  of  security 
strategy  at  consul¬ 
tancy  Predictive 
Systems.  Extending 
See  Slammer,  page  57 


■  Columnists  Kevin  Tolly 
(page  20),  Scott  Bradner 
(page  24)  and  Mark 
Gibbs  (page  58)  weigh  in 
on  the  Slammer  worm. 


ZOO 


switches 


SSMj 


The  new,  standards-based  10G  Ethernet 
switches  are  out,  and  we  got  first  crack  at 
them.  Of  the  five  we  tested,  only  ForcelO’s 
E1200  delivered  true  n  , 
wire-speed  throughput.  |  clfiG  fc|| 


While  ForcelO  achieved  line-rate 
throughput,  switches  from  Avaya,  Foundry 
and  HP  topped  out  at  8G  bit/sec. 

Per-port  throughput  (64-byte  frames  per  second) 

Theoretical  maximum  14,880,952 


Avaya  (2  ports) 


ForcelO  (4  ports) 


11,218,836 


ForcelO’s 

E1200 


Foundry  (2  ports) 

12,889,594 

Foundry  (4  ports) 

12,868,895 

14,880,950 


HP  (4  ports) 


11,741,994 


Smaller 
ComNet 
soldiers  on 


■  BY  NETWORK  WORLD  STAFF 

WASHINGTON,  D.C.  —  The 
ComNet  Conference  &  Expo  last 
week  celebrated  a  bittersweet 
25th  birthday:  Ses¬ 
sions  and  exhi¬ 
bitors  focused  on 
the  hottest  indus¬ 
try  subjects  from 
security  to  conver¬ 
gence  to  Web  ser¬ 
vices,  but  the  en¬ 
ergy  level  was  low 
because  of  sparse 
vendor  and  atten¬ 
dee  turnout. 

Missing  from  the 
event  were  indus¬ 
try  bellwethers 
such  as  Cisco,  Nor¬ 
tel  and  AT&T,  that 
have  made  Com¬ 
Net  a  network  in¬ 
dustry  mecca  in  years  past.  But 
like  other  trade  shows,  ComNet 
has  been  hit  hard  by  tight  corpo¬ 
rate  travel  budgets  and  the  indus¬ 
try  downturn. 

The  crowd  appeared  to  be 
much  smaller  than  the  30,000 
attendees  expected  by  show 
organizers. The  141  exhibitors  on 
hand  represented  a  two-thirds 
drop  off  from  two  years  ago. 

Nevertheless,  the  show  went  on, 
featuring  Daniel  Mehan,  CIO  and 
assistant  administrator  for  IS  at 
the  Federal  Aviation  Administra¬ 
tion  (FAA),  among  its  keynote 


speakers.  Attendees  heard  first¬ 
hand  how  the  agency  is  attempt¬ 
ing  to  secure  its  40,000-seat  net¬ 
work  while  relying  increasingly 
on  the  Internet. 


Mehan  spent  much  of  his 
speech  discussing  security  issues, 
including  the  recent  MS-SQL 
Slammer  attack.  A  combination 
of  keeping  up  to  date  with 
patches,  keeping  workers 
trained  and  using  a  variety  of 
antihacking  strategies  prevented 
the  FAA’s  important  computer 
systems  from  being  harmed,  he 
said.  At  the  same  time,  he  knows 
the  agency  isn’t  infallible. 

“We  can’t  promise  you’ll  never 
get  a  cold,”  he  said  of  the  agency’s 
security  system.  “But  we  have  to 
See  ComNet,  page  14 


■  Wireless  LAN  security  and  3G  networks  were 
among  the  topics  being  discussed  by  speakers  and 
attendees.  Page  16. 

■  In  our  Reporter's  Notebook,  we  look  at  the 
lighter  side  of  the  show.  Page  16. 


Lotus  offers 
assurances 
to  Domino 
customers 

■  BY  JOHN  FONTANA 

ORLANDO  —  Lotus  started  to 
regain  momentum  last  week  by 
throwing  down  the  gauntlet  to 
chief  rival  Microsoft  and  wooing 
end  users  with  forthcoming  pro¬ 
ducts  that  promise  to  extend 
Domino’s  life  and  integrate  the 
technology  into  a  future  collabo¬ 
ration  platform. 

Lotus  surprised  many  of  the 
more  than  5,000  attendees  at 
Lotusphere  with  just  how  far 
along  it  is  in  developing  products 
that  begin  to  integrate  Domino 
and  WebSphere,  but  also  with  its 
near-term  commitment  to  the 
pure  Domino  platform. 

With  its  product  road  map, 
Lotus  also  showed  it  is  beginning 
to  pull  together  its  long-term  strat¬ 
egy  around  collaboration  with 
the  sort  of  tools  and  software  that 
Microsoft  still  is  fumbling  to 
develop  and  ship. 

In  the  next  18  to  22  months, 
Lotus  plans  to  ship  two  ver¬ 
sions  of  Domino  and  a  pair  of 
See  Lotus,  page  12 


Emery  Forwarding  uses  ./VET  connected  software  from  Microsoft  to  be  an  agile  business. 

Emery  Forwarding,  part  of  Menlo  Worldwide,  needed  to  integrate  its  new  event  notification  software  with 
the  freight  transportation  and  logistics  system  it  uses  in  200  countries.  Using  .NET  connected  software 

from  Microsoft,  it  quickly  integrated 
the  new  system  with  its  legacy  UNIX 
environment  The  result:  Emery' now 
provides  customers  with  real-time 
information  about  shipments  and 
expects  more  tnan  a  100%  ROI 
in  less  than  rive  months.  Signed , 
sealed,  and  delivered. 
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AND  THE  CONDUCTOR 


CONNECT  THE  ORCHESTRA 


.NET  connected  software  from  Microsoft  lets  you  quickly  integrate  ail  your  enterprise 
applications,  so  you  can  automate  your  business  processes.  Your  goal  is  to  get  all 

the  aspects  of  your  enterprise  working  in  concert.  Your  reality  is  filled  with  disparate 
systems  that  clash  or  fail  to  connect  altogether.  .NET  connected  software  from  Microsoft 
provides  powerful,  visual  tools  that  help  you  easily  build  and  maintain  an  enterprise 
application  integration  solution  based  on  industry  standards  such  as  XML.  So  it  works  with 
the  applications  you  have,  as  well  as  those  you  adopt  in  the  future.  To  learn  more  about 
Microsoft’s  EAI  solutions  go  to  microsoft.com/integration  (  Software  for  the  Agile  Business?) 


The  Power  of  Performance 
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News 

■  8  Sun  expected  to  introduce  first  blade  server,  among  other 

server  and  storage  rollouts. 

■  8  Plethora  of  convergence  wares  on  tap. 

■  10  Sprint  shake-up  might  be  in  the  works. 

■  10  Start-up  scouts  for  redundant  data. 

■  12  NetPro  extends  Active  Directory  management  suite. 

■  16  Reporter’s  Notebook:  On  diminishing  returns,  robots 


and  the  unknowing. 

■  16ComNet  attendees  interested  ii 


Infrastructure 

■  17  School  solves  videoconfer¬ 
encing  puzzle. 

■  17  Versatile  IP  PBX  on  tap  from 
Zultys. 

■  20  NetVmg  ups  'Net  perfor¬ 
mance. 

■  20  Kevin  Tolly:  SQL 

Slammer  attack  reveals  reliability 
reality. 

Enterprise 

Applications 

■  23  IBM  steps  up  content 
management  play. 

■  23  Sana  Security  claims  cure  for 
server  intrusion. 

■  24  Scott  Bradner:  Familiar 
welcome  to  the  new  year. 

Service  Providers 

■  25  Cogent  CEO  Dave  Schaeffer 
talks  about  PSINet  integration  and 
future  growth. 

■  26  Johna  Till  Johnson: 

A  better  way  to  measure  value:  Total 
cost  of  service  delivery. 

■  28  Special  Focus:  How  low 

can  rates  go  on  traditional  data 
services? . . .  Just  ask. 

NetWorker 

■  33  Three  reasons  to  buy 
broadband. 

■  33  Mitel  adds  IP  phone  for 
teleworkers. 


wireless. 


Technology  Update 

■  35  SSL  safeguards  communi¬ 
cation. 

■  35  Steve  Blass:  Ask  Dr. 

Internet. 

■  36  Mark  Gibbs:  Automate 
with  Automate. 

■  36  Keith  Shaw:  Cool 
battery,  smart  spam  stopper. 

Opinions 

■  38  Editorial:  IP  PBXs:  Telling 
the  players  apart. 

■  39  Chris  Shipley:  Mining 
value  from  tech  events. 

■  39  Daniel  Briere:  Gadgets 
show  IT's  future. 

■  58  BackSpin:  Laying  blame 
when  things  are  going  wrong. 

■  58  'Net  Buzz:  When  the 
vendor  promises  a  "seamless 
transition,"  start  worrying. 

Management 

Strategies 

■  47  VPN  outsourcing:  Firms  are 
using  managed  services  to  circum¬ 
vent  the  staffing  burden  of  maintain¬ 
ing  VPNs. 


SUSAN  WERNER 


Toyota's  Bill  Strickland  says  an 
outsourced  VPN  was  cost-effec¬ 
tive  and  suited  for  the  future. 


RIBBON 


Features 

Testing  10G  Ethernet  switches: 

We  got  our  hands  on  five  new  10G  Ethernet  switches  and  ran  them 
through  a  battery  of  tests,  Only  ForcelO's  E1200  came  through 
with  true  10G  performance.  But  switches  from  HR  Foundry  and 
Avaya  offer  enough  bandwidth  and  features  to  make  them  prefer¬ 
able  to  link  aggregation  using  Gigabit  switches. 

Page  41. 

Online:  David  Newman  hosts  a  forum  to  discuss 
the  results  of  his  10G  Ethernet  testing:  DocFinder:  4147 


Vocera  Communication  System  1.02  02 

Offers  Star  Trek-like  voice  features  over  a  wireless  FAN. 


Page  45. 


ForcelO's  El 200  switch  deliv¬ 
ered  line-rate  performance. 
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Interactive 

Webcast:  Web  services  showdown 

Last  week  we  gathered  Web  services  leaders  BEA  Systems,  Microsoft, 
IBM  and  Oracle  to  field  questions  about  their  products,  debate  each 
other,  and  answer  questions  from  the  GomNet  2003  audience  and  our 
panel  of  experts.  Listen  to  what  they  had  to  say  about  development  tools, 
standards  and  interoperability  across  multiple  operating  systems. 
DocFinder:  4146 

Users  react  to  SQL  Slammer 

What  did  ComNet  attendees  have  to  say  about  the  recent  Slammer 
attacks?  Find  out. 

DocFinder:  4141 


Columnists 

Compendium 

How  to  respond  to  Slammer-like  attacks 
Fusion  Executive  Editor  Adam  Gaffin  passes  along  the  opinion 
of  a  Microsoft  programmer,  who  says  blaming  systems 
administrators  is  not  the  way  to  go  in  handling  these 
attacks.  DocFinder:  4144 

The  Bleeding  Edge 

A  look  at  new  service  revenue  generation  via  IP  services 
Analyst  Daniel  Briere  says  the  main  problems  today's  service 
providers  face  are  not  a  surprise  to  anyone  who  works  in 
the  telecom  Industry.  DocFinder  4145 


Review:  Siemens  SpeedStream  2524 
Poweriine  Wireless  DSL/Gable  Router 

Network  World  Test  Alliance  member  James  Gaskin  puts  Siemens'  new 
HomePlug/wireless  router  through  its  paces  in  this  online-exclusive 
review.  DocFinder:  4142 

Make  way  for  media  adapters 

In  his  new  weekly  column,  analyst  Mike  Wolf  looks  at  media  adapters, 
which  make  sharing  PC  and  entertainment  content  easy. 

DocFinder:  4143 
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Seminars  and  Events 

Service-level  management. 

Start  the  year  with  industry  visionaries  who  show  you  how  to 
use  service-level  management  to  increase  IT's  value  to  the 
business,  achieve  better  utilization  of  resources,  minimize 
costs  and  increase  user  satisfaction.  Register  today  for  this 
free  seminar.  "Service  Level  Management:  Deliver  on  Your 
Network  Guarantees." 

DocFinder:  3742 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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Routers  down,  switches  up, 
report  predicts 

■  The  router  market  will  remain 
depressed,  while  Ethernet  switch  sales 
are  expected  to  be  up  over  last  year, 
according  to  Dell’Oro  Group.  Dell’Oro 
says  worldwide  router  sales  will 
decline  2%  from  2002,  reaching  $6.2 
billion  this  year  —  the  third  year  in  a 
row  the  market  will  shrink.  Expected 
carrier  spending  cutbacks  of  5%  to 
10%  on  wireline  equipment  is  the 
cause  for  the  slide,  Dell’Oro  says. 
Growth  in  the  market  is  expected  over 


TheGood  leBad  >c  Ugly 

<§>  WorldCom  cattle  call. 

WorldCom  last  week  announced  it  is  selling 
Douglas  Lake  Ranch,  which  is  Canada’s 
largest  working  cattle  ranch  and  was  once 
a  pet  property  of  deposed  telecom  titan 
Bernie  Ebbers.  No  price  was  listed . 

. .  and  you  know  what  they  say  .  .  z> 
about  having  to  ask. 

Look  Ma,  no  hands.  Drivers  are 
more  accident-prone  when  using  cellular  phones -y  •• 
even  when  using  hands-free  models,  according  . 
to  new  research  from  the  University  of  Utah.  >>  ^ 

The  study  showed  that  drivers  using  cell  phones 
suffer  from  “inattention  blindness,"  that  is,  an  impaired  \ 
ability  to  process  visual  information.  > 

Our  heroes.  What’s  worse  than  getting  slammed— 

by  the  MS-SQL  Slammer  worm?  Getting  slammed  in  the  following  days  by  companies  boasting  "If  only  you 
had  used  our . . ."  One  company's  CTO  promised  to  explain  “how  easily  organizations  may  have  avoided 
fallout"  from  the  worm,  while  another  boasted  of  customers  whose  networks  were  "barely  disrupted." 


DAN  VASCONCELLOS 


the  long  run,  as  router  sales  are 

expected  to  reach  $7.9  billion  by  2007.  Meanwhile,  worldwide 
Ethernet  LAN  switch  sales  will  grow  3%  this  year  to  $1 1 .7  billion.The 
firm  says  network  expansions  at  small  and  midsize  businesses  will 
spur  growth  over  the  next  several  years,  with  the  market  reaching 
$16  billion  by  2007. 

Document  shows  WorldCom  hurting 

■  Bankruptcy  scandal  and  management  shifts  at  the  highest  levels  do  affect  a  company’s 
bottom  line.  While  most  watching  WorldCom  over  the  past  year  did  not  expect  the  carrier 
to  win  a  ton  of  new  business.no  one  really  knew  what  WorldCom  was  banking.  Last  week 
an  internal  sales  report  became  public  (www.nwfusion.com,  DocFinder:  4 135). The  doc¬ 
ument  details  sales  for  the  carrier  from  January  to  December  2002  for  certain  market 
segments  only  According  to  the  document,  the  carrier  reported  corporate  account  sales 
of  $7.3  million  in  January  2002.  By  December  that  figure  dropped  to  $3.5  million.The  doc¬ 
ument  also  detailed  the  company’s  global  account  sales.  In  January  2002  sales  totaled  $  1 1 
million.  By  December  global  account  sales  dropped  to  $6.1  million.  Corporate  markets 
include  data  services  for  large  business  users.  Global  markets  include  data  services  for 
multinational  users  only 

DoS  attack  hits  Web  broadcaster 

S  Internet  Broadcasting  Systems,  the  Minnesota  company  that  broadcasts  content  on  the 
Web  on  behalf  of  more  than  60  television  stations,  last  week  suffered  a  massive  denial-of- 
'•rvice  attack  on  its  Web  site  a  few  hours  before  President  Bush’s  state  of  the  union 
dress.The  attack  crippled  the  site  until  ISPs,  including  UUNET, could  filter  out  the  incom- 


Grid  overload? 


Aamright,  who  covers  technology  in  a  daily  Weblog,  worries  if  IBM's  going  to  do 
;  j  computing  what  Microsoft  did  to  .Net  -  apply  the  title  to  so  many  things  that 

P  becomes  meaningless. 

Read  mure  at  www.nwfusion.com,  DocFinder:  4151. 


ing  attack  packets,  a  process  that  took  about  two  hours.  According  to  IBS  President  Reid 
Johnson,  the  company  is  working  with  technical  advisers  to  prevent  future  DoS  attacks. 

Symantec  acknowledges  security  lapse 

■  Symantec  last  week  had  to  correct  a  flaw  in  its  Web  site  where  information  about  pos¬ 
sible  business  deals  with  outside  firms  was  exposed  to  Web  visitors  through  a  portion  of 
the  Symantec  site  called  “submit  a  deal.”This  part  of  the  Web  site  lets  companies  want¬ 
ing  to  enter  into  business  deals  with  Symantec  file  their  suggestions  via  an  electronic 
form,  but  because  of  Symantec’s  failure  to  ensure  proper  password  authentication, 
among  other  things,  the  information  was  left  exposed.  According  to  Symantec 
spokesman  Chris  Paden,  the  security  lapse  lasted  about  three  days  after  Symantec  had 
made  changes  to  the  site.  NGS  Software  discovered  the  problem. 

EU,  Microsoft  pact  lacks  substance 

■  The  agreement  last  week  between  European  data  protection  officials  and  Microsoft  to 
alter  the  .Net  Passport  service  and  better  protect  personal  data  is  more  show  than  sub¬ 
stance,  according  to  privacy  experts  and  analysts  familiar  with  the  terms  of  the  agreement. 
“This  is  a  case  of  Microsoft's  self-interest  and  the  European  Unions  interest  in  protecting 
its  citizens  being  happily  aligned,” said  Dwight  Davis,  vice  president  of  Summit  Strategies. 
Despite  blustery  statements  from  European  officials  about  wringing  “substantial  changes” 
to  .Net  Passport  out  of  Microsoft,  the  modifications  agreed  to  are  “tweaks,"  Davis  said.Those 
changes  include  giving  users  finer  control  of  what  information  they  share  with  Passport, a 
summary  of  key  information  about  privacy  policies  within  the  EU,a  link  to  the  European 
Commission’s  site  on  data  protection  laws  and  a  tool  for  creating  secure  passwords.  Users 
will  be  able  to  take  advantage  of  the  features  through  the  addition  of  a  prompt  that  will 
ask  them  to  designate  themselves  as  European  Union  residents. 

OASIS  issues  ecommerce  standard 

■  The  industrywide  consortium  Organization  for  the  Advancement  of  Structured 
Information  Standards  last  week  said  it  has  released  the  first  draft  of  a  royalty-free  data  rep¬ 
resentation  standard  for  e-commerce.  The  draft,  prepared  by  OASIS’  Universal  Business 
Language  Technical  Committee,  contains  specifications  for  XML  representations  of  seven 
key  business  documents:  order, order  response, simple  order  response, order  cancellation, 
despatch  advice,  receipt  advice  and  invoice.The  UBL  specifications  will  be  widely  applic¬ 
able  in  general  business;  in  the  accounting, customs, taxation  and  shipping  industries;  and 
anywhere  that  supply-chain  management  is  involved. 


Speed  and  Security — On  the  Go! 

“We  have  been  able  to  reduce  our  credit  card  authorizations  to  an 
average  of  five  second  or  less,”  says  Marty  Maglio,  director  of  IT 
Architecture  for  Wawa  Food  Markets — a  convenience  store 
chain  with  more  than  550  locations  throughout  the  mid-Atlantic 
region. “This  has  improved  our  customer  service  while  cutting  our 
communication  costs  in  half!” 

The  Bottom  Line:  New  WAN  solution 
improves  customer  service,  saves  money 


Find  out  more  at  enterasys.com/nw/wawal. 


More 

Online 


High-Performance,  "Security  Tough"  Branch  Routers 


If  you've  been  fortunate  enough  to  vacation  on  a  tropical  island,  you  know  the  pleasure  of  getting  away  from  it  all. 
Unfortunately,  if  you  own  an  island  home,  you  also  know  the  stress  of  maintaining  this  corner  of  paradise.  It's 
impractical  to  fly  back  and  forth  every  weekend  to  check  on  your  property,  so  you're  consumed  by  thoughts  of  burglary, 
fire,  flood.  Interestingly,  these  problems  are  similar  to  those  faced  by  a  CIO  struggling  to  manage  remote  office  networks. 


Like  a  beach-front  cottage,  your  branch 
offices  may  become  inaccessible  due 
to  natural  or  man-made  disasters.  IT 
systems  may  become  compromised  by 
malicious  hacker  attacks,  disgruntled 
employees  or  Internet-born  viruses. 
WAN  links  may  fail,  or  a  local  utility 
may  dig  up  their  lines  and  inadvertent¬ 
ly  cut  through  yourT-1  cable. 

To  compound  the  problem,  nobody  at 
the  branch  office  can  tell  the  difference 
between  Ethernet  and  Inkjet — so  if 
something  does  go  wrong  they  are  not 
likely  to  diagnose  a  Denial  of  Service 
attack  or  router  configuration  error. 

There  are  steps  you  can  take  to  protect  the 
remote  office  network.  The  most  obvious 
and  the  most  often  overlooked  is  disaster 


assessment.  Determine  the  nature  and 
extent  of  risks,  and  develop  contingencies 
to  address  these  risks.  Other  good  house¬ 
keeping  tasks  include  always  having 
Service  Level  Agreements  for  your  WAN 
connections,  using  distributed  firewalling, 
deploying  VPN  backup  services  and 
setting  up  automated  offsite  data  backup. 


Security  Routers  to  the  Rescue 

To  help  you  meet  the  challenge,  there  are 
new  security  routers.  These  devices  provide 
connectivity  over  a  wide  range  of  WAN 
circuits — including  Frame  Relay,  T-l  and 
xDSL — as  well  as  cost-effective  and  rapidly 
deployed  VPN  tunnels.  A  security  router  also 
includes  firewalling  to  protect  remote  office 


networks  from  attack,  and  Intrusion 
Detection  capabilities  so  you  know  when  an 
attack  has  taken  place.  And  unlike  the  prior 
generation  of  routers  that  simply  added 
security  features  on  top  of  an  enormous 
router  code  base,  today’s  security  routers  are 
built  “security  tough”  from  the  ground  up. 


Start  with  a  Plan 

Of  course  the  convergence  of  security  and 
networking  at  branch  offices  requires  more 
than  just  plugging  in  a  new  device.You  must 
have  a  defined  network  security  policy. 


Security  systems,  applications  and  services 
are  the  common  constituents  of  just 
about  every  security  strategy  But  how  does  it 
all  come  together?  For  more  information,,,^ 

go  to  enterasys.com/nw/branch  1 .  S.T 
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New  security  routers  offer  several  options  for  WAN 
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Enterasys  Branch  Router:  7  Times  the  Throughput  of  Cisco 


The  Tolly  Group  recently  measured  the  per¬ 
formance  of  the  Enterasys  XSR-1805  and  XSR- 
1850  security  routers, and  compared  the  results 
to  the  performance  of  Cisco  Systems  1700 
series  and  2600  series  branch  office  routers 
in  identical  configurations.  Measuring  routing, 
VPN  throughput,  Access  Control  list  (ACL) 
capabilities  and  Quality  of  Service(QoS),  the 
XSR  routers  outperformed  their  Cisco 
equivalents  in  every  category 

Important  highlights  included: 

•  VPN  Throughput — XSR-1805  forwards 
seven  times  more  zero-loss  throughput 

than  the  Cisco  265 1XM  in  an  IPSec  tun¬ 
nel  configuration  at  100  Mbps  with  1,420- 
byte  packets 


•  Layer  3  Throughput — XSR- 1850 
processes  three  times  the  zero-loss  Layer 
3  throughput  of  the  Cisco  2651XM  at  100 
Mbps  for  512-byte  packets  and  larger 

•  100  Mbps  with  QoS— XSR-1850 
provides  more  than  triple  the  throughput 
of  the  Cisco  265 1XM  when  forwarding 
1,518-byte  packets  at  100  Mbps  with  QoS 
enabled 

The  results  of  the  study  led  Kevin  Tolly, 
president  of  The  Tolly  Group  to  conclude, 
"Typically,  we  see  vendors  test  performance 
with  ancillary  functions  like  ACL  and  QoS 
processing  turned  off,  but  Enterasys  tested 
its  routers  with  full-device  functionality 
enabled,  meaning  users  get  a  truer  picture 
of  overall  device  performance." 

Full  details  and  test  results  are  available  at 

http:  //www.en  terasys.com/ performance 
or  http://www.tolly.com 


Why  high  throughput  when  connecting 
across  WAN  links  at  speeds  of  only  a  few 
megabits?  This  is  analogous  to  why  we  buy 
cars  with  top-rated  speeds  of  160  MPH, 
when  the  speed  limit  in  most  places  is  65 
MPH.  A  high-performance  security  router 
needs  the  horsepower  to  easily  handle  the 
demands  of  real-world  network  configura¬ 
tions — configurations  with  VPN,  ACLs  and 
QoS  enabled — to  protect  your  corporate 
intelligence  and  optimize  your  resources. 

For  example,  when  every  remote  employee 
decides  to  live  stream  the  CEO’s  quarter-end 
earnings  broadcast,  you  know  that  the  XSR 
router  is  up  to  the  task.  Without  a  high- 
performance  security  router,  all  bets  are  off. 

Enterasys’ XSR  security  routers  were  explic¬ 
itly  designed  to  deliver  best-in-class  price 
performance.  For  more  information  go  to 

enterasys.com/nw/tollyl 
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Sun  to  roll  out  first  blade  server 

Sun's  in  blade  running 


Sun’s  new  Blade  16000s  are  the  first  blades  built  using  a 
RISC-based  processor. 


Vendor 

Product 

Processor/No. 
of  processors 

No.  of  blades 
per  chassis 

Dell 

PowerEdge  1655 

Pentium  111/2 

6 

Egenera 

BladeFrame  Pblade 

Xeon/2  or  4 

24 

HP 

BL  e-Class 

Pentium  111/1 

20 

HP 

BL  p-Class 

Pentium  ill/2  or  4 

8 

IBM 

BladeCenter 

Xeon/2 

14 

RLX 

ServerBlade  1200i 

Pentium  lll-M/1 

12 

RLX 

ServerBlade  800i 

Pentium  III  low  volt/1 

24 

Sun 

Sun  Blade  16000 

UltraSparc  111/1 

12 

a  BY  DENI  CONNOR 

MOUNTAIN  VIEW,  CALIF—  Sun 
next  week  is  expected  to  intro¬ 
duce  the  company’s  first  blade- 
based  server,  as  well  as  two 
midrange  storage  arrays,  a  12- 
processor  server  and  enhance¬ 
ments  to  its  high-end  servers. 

While  Sun  would  not  comment 
on  the  announcements,  sources 
say  they  will  include: 

•  The  first  UltraSPARC-based 
server  blade  platform,  which 
will  let  customers  deploy  ultra- 
thin  machines  in  space-con- 
strained  environments  where 
multiple  servers  run  the  same 
applications. 

•  The  StorEdge  3510  Fibre 
Channel  Storage  Array,  which  lets 
customers  deploy  midrange 
modular  storage  as  their  capacity 
needs  grow. 

•  Network-attached  storage 
(NAS)  capability  for  the  StorEdge 
33 10,  a  SCSI-based  disk  array  Sun 
unveiled  in  the  fall. 

•  The  Sun  Fire  vl280  entry-level 
server,  which  customers  can  use 
in  workgroups  or  departments 
running  ERR  CRM  or  database 
applications. 


Few  details  are  known  about 
the  Sun  Blade  16000s,  uniproces¬ 
sor  server  blades  the  company  is 
expected  to  announce.  The 
16000s  use  UltraSPARC  III  proces¬ 
sors  and  fit  16  blades  in  a  rack- 
mount  enclosure.  They  are  de¬ 
signed  for  ISPs,  application  ser¬ 
vice  providers,  carriers  and  enter¬ 
prises  to  use  where  space  is 
expensive,  cabling  needs  to  be 
simplified  and  servers  must  be 
repurposed  on-the-fly 
The  Sun  Blade  16000s  will  run 
Solaris  and  are  expected  to  have 
Gigabit  Ethernet  connections  to 


the  network  and  NAS  devices. 
Future  versions  will  support 
InfiniBand,  sources  say 
The  new  Fibre  Channel  array 
will  support  up  to  12  146G-byte 
drives  operating  at  10,000  RPMs 
for  a  total  capacity  of  as  much  as 
1.7  terabytes,  sources  say.  The 
Sun  StorEdge  3510  Fibre  Chan¬ 
nel  Array  will  complement  Sun’s 
SCSI-based  StorEdge  3310,  which 
has  been  enhanced  to  offer  NAS 
capability  and  support  for  AIX 
and  HP-UX.  The  StorEdge  3510 
will  support  the  same  operating 
systems  as  the  3310:  Windows 


NT/2000,  Solaris,  Linux,  HP-UX 
and  AIX. 

Customers  say  they  welcome 
the  additional  capabilities  of  Sun’s 
StorEdge  3300  storage  systems. 

“I’m  very  happy  to  see  Sun 
expand  its  entry-  and  midlevel 
storage  options,”  says  John 
Groenveld,  associate  research 
engineer  at  The  Pennsylvania 
State  University  in  State  College. 
“I’ll  be  looking  at  the  StorEdge 
3000  line  as  external  storage  for 
database  servers  as  well  as  for 
my  department’s  software  devel¬ 
opers’  source  code  repository’ 

The  Sun  Fire  vl280,  which  has 
two  to  12  UltraSPARC  III  proces¬ 
sors  running  at  900  MHz,  is  the 
largest  of  Sun’s  line  of  v  Series 
servers.  It  features  some  of  the 
same  capabilities  as  Sun’s  high¬ 
er-end  systems  —  dynamic  parti¬ 
tioning  and  reconfiguration  of 
systems  resources  —  technolo¬ 
gies  that  let  IT  managers  run 
multiple  applications  on  a  serv¬ 
er  in  protected  partitions  and 
automatically  balance  the  mem¬ 
ory,  bandwidth  and  number  of 
processors  to  accommodate 
tasks. 

Sun:  www.sun.com 
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Plethora  of  convergence  wares  on  tap 


■  BY  PHIL  HOCHMUTH 

Convergence  products  announced  last 
week  from  Cisco,  AltiGen  and  Avaya  could 
help  customers  more  effectively  link  voice 
and  e-mail  applications,  increasing  user  pro¬ 
ductivity  and  easing  administration  tasks. 

The  software  and  hardware  products  are 
aimed  at  small  and  midsize  businesses  —  up 
to  1,000  employees  —  which  typically  have 
smaller  IT  staffs.  Besides  desktop  productivity 
vendors  say  converged  IP  telephony  applica¬ 
tions  such  as  unified  messaging  can  offer 
administration  improvements  by  letting  fewer 
staff  support  more  applications. 

Cisco  added  unified  messaging  to  its  Inte¬ 
grated  Communication  System  (ICS)  7750,  a 
combination  IP  PBX,  unified  messaging  and 
application  server  for  companies  with  50  to 
1,000  employees.  The  box  now  supports 
Cisco’s  Unity  Unified  Messaging  4.0  software, 
which  can  combine  Cisco  voice  mail  with 
■  u'ssaging  products  such  as  Microsoft  Out- 
:  '4.  and  IBM  Lotus  Domino  into  a  single 
i  K-end  system  and  end-user  interface.The 
so'tv,  :re  lets  users  receive  voice  mail  and 
e-i :  ,:.s  through  a  groupware  client  inter¬ 
face,  .v 'ii  ry  voice  messages  can  be  sorted, 
forwardei  ih rough  e-mail  and  listened  to  on 
a  PC  or  IT  phone. 

The  West  Virginia  University  Foundation,  an 
indopenoent  fund-raising  group  for  the  uni¬ 


versity  installed  the  ICS  7750  in  its  Morgan¬ 
town  office  more  than  a  year  ago.  Support  for 
Cisco  Unity  on  the  ICS  7750  “is  something 
we’ve  been  waiting  for;”  says  Mike  Phillips, 
director  of  technical  services  for  the  60-per¬ 
son  office.’The  ability  to  add  [unified  messag¬ 
ing]  was  one  of  the  reasons  we  installed  an  IP 
phone  system  in  the  first  place.” 

The  organization  could  see  productivity 
gains  from  its  employees  by  combining 
access  to  voice  mail  and  email  through  a  sin¬ 
gle  Outlook  interface,  Phillips  says. 

Cisco’s  ICS  7750  starts  at  $15,000.  Cisco 
Unity  4.0  costs  $135  per  user.  Outlook  is  sold 
separately. 

AltiGen  announced  its  AltiServl  IP  and 
AltiServ2  IP  telephony  boxes, which  are  aimed 
at  offices  with  eight  to  600  users.  The  AitiServ 
products  are  server-based  on  an  Intel/ 
Windows  2000  Server  with  an  IP  switching 
architecture,  while  the  previous  AltiGen 
AitiServ  boxes  were  a  hybrid  of  IP  and  TDM 
architectures.  Call  processing  is  done  on  PCI 
cards  in  the  servers,  which  run  AltiGen’sAltiOS 
embedded  call  control  software.  This  allows 
for  faster  call  processing  and  for  survivability 
of  phone  service  in  the  event  of  a  server  out¬ 
age,  the  company  says. 

The  AitiServ  boxes  support  up  to  eight  T-l/ 
E-l  trunks  for  public  switched  telephone  net¬ 
work  or  WAN  service  connectivity. The  IP  PBXs 
are  based  on  the  H.323  protocol,  and  work 


with  AltiGen’s  Alti-IP  600  IP  phones  and  H.323- 
based  phones  from  Polycom  and  Siemens. 
Contact  center  software  that  integrates  with 
Outlook  and  Goldmine  CRM  software  also  is 
included. 

The  AitiServ  1  and  AitiServ  2  IP  PBXs  will  be 
available  on  Feb.  15  at  a  per-seat  cost  of  $200 
to  $500  (not  including  phones). 

Also  announced  last  week  was  an  IP  PBX  for 
midsize  and  large  businesses  from  industry 
newcomer  Zultys  (see  story,  page  17). 

On  the  convergence  application  front, 
Avaya  announced  that  its  Unified  Messenger 
product  now  integrates  with  IBM  Lotus 
Domino  and  Outlook  messaging  platforms, 
which  will  let  users  access  voice  mail, e-mail 
and  faxes  from  a  single  interface.  The  soft¬ 
ware  also  lets  users  retrieve  voice  and  e-mail 
messages  over  any  phone  connection,  with  a 
text-to-speech  function  that  can  “read”  e- 
mails  over  the  phone.  Unified  Messenger  can 
interoperate  with  Avaya’s  Definity  line  of 
PBX  phone  switches,  its  Eclips  IP  PBX  prod¬ 
ucts,  along  with  Avaya  Octel  and  Audix  voice 
mail  systems. The  software  costs  $400  to  $600 
per  user.  ■ 


Convergence 

Subscribe  to  our  free  newsletter. 
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Building  carrier  class  enterprise  networks 


Availability  in  enterprise  networks  has  improved  in  recent 
years  -  but  it's  come  at  a  price,  and  still  doesn't  approach  what 
you  expect  from  carrier  networks. 

Is  your  data  network  less  important  than  your  voice  network? 
In  many  cases,  it's  even  more  critical. 

Building  a  carrier  class  enterprise  network  means 
continuous  network  operation  from  the  edge  to  the 
core,  so  that  network  failures  have  zero  impact  to 
the  end  user  and  mission-critical  applications  are 
always  accessible. 


Alcatel's  next-generation  enterprise  products  have  integrated 
technologies  that  ensure  carrier  class  availability  and  high 
performance  to  the  enterprise,  without  a  cost  premium. 

Alcatel  has  a  history  of  innovation  and  proven 
leadership,  and  has  been  building  carrier 
networks  around  the  world  for  over  half  a  century. 

Carrier  class  is  a  distinction  you  have  to  earn. 
We've  earned  it  and  now  deliver  it  to  your 
enterprise  with  the  next  generation 
OmniSwitch  family. 


Alcatel  redefines  availability 
for  the  enterprise 


www.alcatel.com/  enterprise 

(800)  995-2612 
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print  shake-up  might  be  in  the  works 


Esrey’s  legacy 


William  Esrey,  chairman  and  CEO  at  Sprint,  has 
overseen  the  carrier  through  many  changes. 


1996  - 

Esrey  debuts  next-generation  local,  long¬ 
distance  voice  and  data  Integrated  On- 
Demand  Network  (ION)  service  on  Broadway. 


1976 

United 

Telecommuni¬ 
cations  has  $1 
billion  in  revenue. 


1984  - 

Leads  the  company's 
push  into  the  long¬ 
distance  market. 


1993 - 

Sprint  merges  with  Centel,  a  local  and 
wireless  phone  company. 


1992 - 

Company  officially  changes  its  name  from 
United  to  Sprint. 


I 


X 


X 


2000 - 

Merger  called  off  in 
light  of  regulatory 
scrutiny;  Sprint 
exits  Global  One 
venture. 


X 


~1 - 


1980 


1980  - 

Esrey  joins  United 
Telecommunications  as  executive 
vice  president  of  corporate  planning. 


1990 


1985 -  1994 - 

Elected  CEO  Heads  Sprint’s  initiative  to  build  out  a 
national,  digital  wireless  network  now 
called  Sprint  PCS.  Sprint  created 
Global  One  international  venture  with 
French,  German  carriers. 


1999 - 

Sprint  and  World¬ 
Com  announce  plans 
to  merge  in  a  deal 
valued  at  $129  billion. 


2000 


2001 - 

Sprint  kills  ION 
service  revenue 
hits  $26  billion. 


■  BY  DENISE  PAPPALARDO 

Speculation  last  week  that 
longtime  Sprint  Chairman  and 
CEO  William  Esrey  is  about  to 
step  down  had  industry  watch¬ 
ers  looking  back  at  his  career 
while  raising  concerns  about  the 
company’s  future. 

“This  is  not  the  best  time  for 
Sprint  to  be  dealing  with  a  man¬ 
agement  shift,’’  says  Lisa  Pierce, 
an  analyst  at  Giga  Information 
Group.  “This  is  a  time  when 
Sprint  could  be  playing  up  sta¬ 
bility  at  the  executive  level, 
which  is  a  unique  position 
[compared  with  other  carriers] .” 

Sprint  declined  to  comment 
but  is  expected  by  industry 
watchers  to  announce  Esrey’s 
plans  along  with  its  2002  year-end 
financial  results  Wednesday  Esrey 
63,  was  diagnosed  with  cancer  of 
the  lymphatic  system  in 
November. 

Analysts  have  low  expectations 
for  Wednesday’s  financial  news 
given  Sprint’s  painfully  slow  rev¬ 
enue  growth  in  recent  quarters  (it 


only  crept  up  from  $6.6  billion  in 
the  third  quarter  of  2001  to  $6.8 
billion  in  the  third  quarter  last 
year)  and  generally  poor  results 
across  the  telecom  industry. 
Sprint,  like  other  carriers,  has 
been  hard  hit  by  eroding  margins 
in  consumer  voice  and  stagnant 
business  service  growth.  Recently 


Verizon  surpassed  Sprint  as  the 
nation’s  No.  3  long-haul  carrier. 

Although  Esrey  might  not  be 
leaving  Sprint  at  the  best  of  times, 
observers  say  the  company  and 
industry  owe  him  much. 

“He  has  every  right  to  be  proud 
of  his  and  his  team’s  accom¬ 
plishments  over  the  past  18 


years,”  Pierce  says. 

Esrey  was  elected  the  compa¬ 
ny’s  CEO  in  1985,  one  year  before 
Sprint  —  then  called  United  Tele¬ 
communications  —  launched  its 
first  long-distance  service.  Pre¬ 
viously  the  carrier  largely  provid¬ 
ed  local  service  in  rural  areas. 

Today  Sprint  offers  local,  long¬ 


distance  and  international  ser¬ 
vices.  Its  digital  wireless  network, 
which  spans  4,000  cities  and  sup¬ 
ports  16.7  million  subscribers,  is 
among  the  industry’s  largest. 

Among  Sprint’s  boldest  moves 
was  its  attempt  to  merge  with 
WorldCom  in  1999, a  deal  that  reg¬ 
ulators  shot  down  because  of 
competitive  concerns.Since  then, 
Sprint’s  name  has  surfaced  in 
connection  with  many  merger 
rumors,  including  with  assorted 
regional  Bell  operating  compa¬ 
nies,  most  often  BellSouth. 

“It  was  clear  that  Sprint  was 
really  trying  to  push  that  deal 
through.  When  it  fell  apart  it  was 
a  real  slap  in  the  face,” says  Johna 
Till  Johnson,  president  and  chief 
researcher  at  Nemertes  Research 
and  a  Network  World  columnist. 

In  hindsight,  Sprint  dodged  a 
bullet. 

“[Sprint  has]  always  had  its  val¬ 
ues  in  the  right  place,”  Johnson 

says. 

Esrey  has  been  outspoken 
about  the  damage  WorldCom  has 
done  to  the  telecom  industry. 

“At  Sprint,  we  kept  asking  our¬ 
selves  what  we  were  doing 
wrong  because  we  couldn’t  gen¬ 
erate  the  numbers  WorldCom 
claimed,”  Esrey  said  in  a  speech 
in  October. 

“To  compete,  other  carriers 
were  forced  to  drop  prices  to 
nearly  unsustainable  levels.  As 
we’ve  discovered,  the  margins 
were  a  work  of  fiction,  but  the 
destructive  effect  on  our  indus¬ 
try  was  very  real,”  he  added. 

Esrey’s  right-hand  man,  COO 
Ronald  LeMay,  is  also  said  to  be 
leaving  Sprint,  possibly  opening 
the  door  for  BellSouth  executive 
Gary  Forsee  to  take  over  ■ 


Start-up  scouts  for  redundant  data 


■  BY  DENI  CONNOR 

AUSTIN, TEXAS  —  Deepfile  CEO 
Jeff  Erramouspe  says  that  half  the 
files  on  a  typical  corporate  net¬ 
work  are  unaccounted  for,  either 
because  they  are  redundant  or 
haven’t  been  accessed  for  a  long 
time.  Not  only  does  this  waste  stor¬ 
age  capacity, but  it’s  a  difficult  envi¬ 
ronment  to  manage  and  can  leave 
a  company  exposed  to  security 
risks,  he  says. 

Deepfile’s  answer  to  the  problem 
will  come  in  the  form  of  two  appli¬ 
ances  designed  to  help  compa¬ 
nies  search  for  redundant  or 
unused  files  and  take  action  on 
them.  The  company  expects  to  have  both 
products,  which  will  work  with  Windows 
NT/2000  file  servers  and  network-attached 
storage  devices,  available  as  soon  as  April. 

The  first  product.  Auditor,  grazes  a  file  sys¬ 
tem,  pulls  back  metadata  on  every  file  and 
saves  it  to  a  database  on  the  appliance.  Each 
file  is  gi\  en  a  unique  signature  —  a  checksum, 
pel  se  —  that  lets  the  appliance  compare  files 
for  sameness  even  if  they  have  different 
names  and  locations.  It  then  reports  the  files, 
their  locations  and  characteristics  to  the  sec¬ 
ond  product,  Enforcer. 

Based  on  rules  the  IT  manager  sets,  Enforcer 
will  cull  duplicate  files  and  directories  and 
migrate  older. still-useful  files  to  less-expensive 


DEEPFILE 


Location: 

Austin, Texas 

Founded: 

November  2000 

Founders: 

Jeff  Erramouspe,  president  and  CEO,  formerly  with 
Vignette;  Jeff  Bone,  CTO,  formerly  with  Activerse, 
Sun  and  Dell 

Products: 

Deepfile  Auditor  and  Enforcer  file  management 
appliances 

Funding: 

$1  million  fromTechxas  Ventures  and  angel  investors 

Employees: 

8 

Fast  fact: 

The  company  got  off  to  an  inauspicious  start  when 
it  temporarily  lost  its  domain  name  to  a  scavenger 
through  a  Network  Solutions  billing  error. 

storage  or  tape. 

“From  a  business  point-of-view,  1  was  inter¬ 
ested  in  knowing  how  our  storage  was  being 
allocated  between  high-cost  storage,  medi¬ 
um-cost  storage  and  our  least-expensive, 
direct-attached  storage,”  says  David  Graham, 
director  of  IT  operations  for  Web-based  con¬ 
tent  management  vendor  Vignette.  “1  wanted 
to  make  sure  Vignette  was  using  our  storage 
resources  to  the  highest  and  best  use.” 

Graham  has  installed  a  Network  Appliance 
filer  that  has  about  eight  terabytes  of  data  and 
uses  early  units  from  Deepfile  to  monitor  it. 

“[Deepfile’s  appliance]  scans  a  very  large 
file  system  in  our  case  and  provides  detailed 
statistics  about  the  makeup  of  that  data,”  says 


Darren  Johnson,  senior  IT  admin¬ 
istrator  for  Vignette.  “We  knew  we 
were  filling  up  the  file  server  but 
didn’t  know  what  exactly  made 
up  the  data. . . .  With  Deepfile,  we 
found  that  as  much  as  hundreds 
of  gigabytes  of  data  is  duplicated.” 

The  products  are  implemented 
as  lU-high  servers,  which  connect 
to  the  network  via  a  10/1 00/ 1 000M 
bit/sec  Ethernet  port. 

Jamie  Gruener,  a  senior  analyst 
with  The  Yankee  Group,  says 
Deepfile  has  elegantly  combined 
technologies  often  found  in  sepa¬ 
rate  products. 

“They  combine  policy-based 
management  with  data  manage¬ 
rs  very  simply  ‘Capacity  Planning 
and  Management  101’  for  file-oriented  data,” 
he  says. 

Deepfile  is  similar  to  another  young  compa¬ 
ny  called  Arkivio  in  that  it  collects  metadata  in 
the  same  fashion,  Gruener  says.  Deepfile  dif¬ 
fers  in  that  it  handles  both  Windows  Common 
Information  File  System  and  Unix  Network 
File  System  data  and  provides  more  data  man¬ 
agement  capabilities. 

Deepfile  Auditor  and  Enforcer  have  Web- 
based  interfaces  for  local  or  remote  manage¬ 
ment.  Auditor  is  available  now  starting  at 
$10,000  for  the  initial  two  terabytes  of  data 
managed  per  year.  Enforcer  will  be  available 
in  the  second  quarter  starting  at  $20,000.  ■ 
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Every  customer  is  an  investment.  But  are  you  investing  wisely? 
mySAP™  CRM,  the  only  open  and  integrated  CRM  solution,  makes  valuable 
customer  data  available  to  your  entire  organization.  In  real  time.  So  the  back 
office  knows  what  the  front  office  knows,  which  makes  it  easier  to  give 
customers  what  they  need.  A  lot  more  efficiently.  And  for  a  lot  less  money. 
Visit  sap.com  or  call  800  880  1727  to  find  out  more  about  rnvSAP  CRM. 

FTT 

THE  BEST-RUN  BUSINESSES  RUN  SAP 


NetworkWorld 


2/3/03 


News 


www.nwfusion.com  [ 


Road  to  the  future 

In  the  next  18  months,  Lotus  plans  to  roll  out  a  variety  of  products  that  will  more  tightly 
integrate  Domino  with  DB2  and  WebSphere. 


Planned 
ship  date 

Product 

Description 

April  1,  2003 

WebSphere  Portal  4.2  Extend 

Vehicle  for  integrating  Domino  components  into  WebSphere. 

Lotus  Learning  Management  System 

First  Lotus-branded  product  that  runs  on  WebSphere/DB2;  includes 
reference  model  client  for  Next  Generation  platform. 

July  1,  2003 

Lotus  Domino  ToolKit  for  WebSphere  Studio 

Helps  transition  Domino  developers  to  J2EE,  JSP  world. 

WebSphere  Portal  Extend  w/Collaboration  Center 

Conferencing,  teamware,  search  technology. 

Next  Gen  Mail 

First  collaboration  component;  provides  message  routing  agent  for 
component-based  model. 

Dec.  31, 2003 

Notes/Domino  6.5 

Provides  alternative  client  support. 

WebSphere  Portal  5  Extend 

Next  version  of  component  portal. 

Rapid  Applications  Development  tools  for  J2EE 

Domino  Designer  features  in  WebSphere  Studio  further  aid  in  developer 
transition  to  J2EE. 

Next  Generation  Collaborative  Capabilities 

More  components  including  calendaring,  instant  messaging. 

2004 

Domino  7.0 

Option  to  run  DB2  as  data  store;  Web  services  begin  to  replace  Java  APIs. 

Lotus 

continued  from  page  1 

collaborative  components  and 
development  tools  that  inte¬ 
grate  Domino  with  WebSphere 
and  DB2. 

“Code  talks,”  said  new  Lotus 
general  manager  Ambuj  Goyal, 
whom  IBM  software  chief  Steve 
Mills  sent  to  craft  Domino  into  a 
set  of  collaborative  components 
for  IBM’s  On-Demand  comput¬ 
ing.  Goyal,  who  built  IBM’s  back¬ 
end  WebSphere  Business  In¬ 
tegration  business,  says  he  plans 
to  build  front-end  services  using 
Domino.  “The  more  code  we 
ship  the  more  people  will 
believe  that  we  are  doing  this,” 
he  says. 

The  strength  of  the  Lotus  stand 
at  Lotusphere  highlighted  IBM’s 
commitment  to  evolve  its  Next- 
Generation  Domino  platform  and 
Java  2  Platform  Enterprise  Edition 
development  environment. 

“The  evolution  of  Domino  is 
happening  more  rapidly  than  I 
thought,”  said  Andrew  Krause,  a 
collaboration  specialist  with  a 
federal  government  agency. 
“But  they  also  have  a  strong 
interest  in  not  alienating  Dom¬ 
ino  customers.” 

Sources  say  Lotus  plans  15-  to 
18-month  release  cycles  that  will 
include  a  maintenance  update 
and  a  version  that  introduces 
new  features. 


But  Krause  said  the  reality  of 
two  Domino  versions,  the  tradi¬ 
tional  monolithic  model  and  the 
set  of  components  that  run  on 
WebSphere,  means  choices 
eventually  will  have  to  be  made. 
“We  are  a  WebSphere  customer 
also,  and  we  are  already  trying  to 
rationalize  two  [collaboration] 
environments.  Management  will 
always  ask  us  why  we  have 
both.” 

Just  a  year  removed  from  the 
conceptual  models  presented  at 
Lotusphere  2002,  where  the  com¬ 


pany  showed  up  without  having 
shipped  a  major  product  for  three 
years,  Lotus  demonstrated  prod¬ 
ucts  and  tools  that  will  become 
the  foundation  for  Next-Genera¬ 
tion  Domino.  The  Next-Genera¬ 
tion  platform  is  a  set  of  collabora¬ 
tive  components  such  as  mail 
and  calendaring  that  can  be 
embedded  in  applications  and 
run  on  WebSphere. 

“IBM  has  executed  well  over  the 
past  12  months,” says  Matt  Cain, an 
analyst  with  Meta  Group,  on 
the  high-stakes  Domino-to-Web 
Sphere  transition.  “The  question 
is,  how  many  of  the  60  million 
Domino  users  will  drop  out?” 

While  that  answer  will  play  out 
over  many  years,  Cain  says  Lotus 
last  week  reaffirmed  that  Micro¬ 
soft’s  collaboration  strategy  re¬ 
mains  disjointed  as  the  two 
rivals  work  to  create  sets  of  col¬ 
laborative  components  and  jos¬ 
tle  for  supremacy  in  the  Web  ser¬ 
vices  world. 

“I’m  interested  in  the  openness 
of  the  platform  IBM  is  building,” 
says  Frank  Hughes,  a  Notes  ad¬ 
ministrator  for  a  large  power 
company.  “1  can  leverage  my 
existing  [Domino]  infrastructure 
into  Next  Generation.  1  don’t 
want  to  get  into  Microsoft.  1  don’t 
think  they  have  a  coherent  col¬ 
laboration  strategy’ 

Lotus  is  trying  to  emphasize 
that  point. 

The  company  says  it  will  del¬ 
iver  in  the  first  half  of  this  year 
the  initial  collaboration  compo¬ 
nent  called  Next  Gen  Mail,  an 
e-mail-only  server  that  runs  on 
WebSphere. 

IBM  says  it  hopes  Next  Gen 
Mail  will  help  users  familiarize 
themselves  with  components 


and  the  value  of  the  component 
architecture,  where  Next  Gen 
Mail  can  be  embedded  in  appli¬ 
cations  such  as  workflow  to  pro¬ 
vide  a  mail-routing  function. 

The  component,  which  can 
deliver  mail  to  low-end  users, 
also  might  make  IBM/Lotus 
enticing  to  Microsoft  Exchange 
5.5  customers  who  might  not 
want  to  upgrade  to  Exchange 
2000  and  Active  Directory.  Those 
users  must  make  migrations  this 
year  as  support  ends  for  Ex¬ 
change  5.5. 

Microsoft  does  not  have  a 
counter  for  Next  Gen  Mail, 
which  provides  users  the  option 
of  rolling  out  low-cost,  mail-only 
seats  to  workers  who  haven’t  tra¬ 
ditionally  had  e-mail,  such  as 
shop  floor  workers.  The  catch, 
however,  is  that  companies 
would  have  to  deploy  Web¬ 
Sphere. 

Microsoft  for  now  cannot  pro¬ 
vide  comprehensive  e-mail  de¬ 
ployment  and  pricing  options 
that  cover  everyone  from  power 
users  to  occasional  users. 

Lotus  plans  to  price  Next  Gen 
Mail  at  $25  per  seat,  according  to 
Lotus  sources.about  half  the  cost 
of  a  Domino  seat.  Microsoft’s  list 
price  for  Exchange  is  $67. 

Lotus  also  previewed  the  next 
major  release  of  Domino,  slated 
for  2004,  that  has  an  option  to 
use  DB2  as  its  back-end  store. 
Like  Next  Gen  Mail,  it  begins  to 
give  users  a  taste  of  Domino’s 
Next-Generation  platform.  Sup¬ 
port  for  DB2  also  includes 
Domino’s  replication  technology 
which  works  between  the  Notes 
client  and  DB2  to  let  users  syn¬ 
chronize  data. 

The  database  is  important  be- 


NetPro  extends 
Active  Directory 
management  suite 

■  BY  JOHN  FONTANA 

SCOTTSDALE,  AR1Z. —  NetPro  has  announced  a  new  module  for  its 
management  and  monitoring  suite  designed  to  plug  a  lingering  cor¬ 
porate  security  concern  in  Microsoft’s  Active  Directory  technology 

The  company  last  week  shipped  DirectoryLockdown,  which  is  built 
to  block  directory  attacks  that  disgruntled  administrators  could 
launch  from  inside  a  company.  NetPro  also  released  a  module  called 
DNSAnalyzer,  which  monitors  DNS  in  the  directory, ensures  its  health 
and  boosts  security. 

Both  modules  are  being  added  to  the  company’s  Active  Directory 
Ufecycle  Suite,  a  collection  of  six  management  and  monitoring  tools. 
The  DirectoryLockdown  module  is  part  of  a  new  version  of  the  soft¬ 
ware  bundle  now  called  Secure  Active  Directory  Lifecycle  Suite. 

Tire  Lockdown  tool  is  NetPro’s  answer  to  a  problem  that  Microsoft 
publicized  more  than  a  year  ago. The  issue  is  that  domains  within  a  sin- 
gle  directory  deployment,  called  a  forest,  can  not  be  considered  their 
ov\  n  secure  entity. That  means  domains  can’t  trust  each  other  because 
anyone  with  physical  access  to  machines  that  run  Active  Directory 
cot  in  take  over  the  machine,  inject  malicious  code  and  compromise 

See  NetPro,  page  57 


cause  it  provides  scalability  and 
combines  data  in  one  source, 
allowing  developers  new  ways 
to  use  that  data  in  applications. 

Microsoft  is  working  on  a  simi¬ 
lar  database  back  end  for  an 
Exchange  release  called  Kodiak 
that  will  use  Microsoft's  forthcom¬ 
ing  Yukon  database  technology 
as  its  data  store.  However,  the 
Kodiak  release  isn’t  slated  until 
sometime  in  2005  at  the  earliest. 
In  the  meantime,  Microsoft  will 
ship  in  June  a  release  called  Ex¬ 
change  Server  2003,  which  has 
lower  cost-of-ownership  features 
similar  to  those  in  Domino  6, 
which  Lotus  released  last 
October. 

Microsoft’s  collaboration  story 
also  has  been  clouded  by  its 
move  to  pull  collaborative  fea¬ 
tures  from  Exchange  and  make 
them  part  of  a  module  called 
Greenwich  that  plugs  into  the 
base  operating  system  and  pro¬ 
vides  instant  messaging  and 
conferencing.  And  Microsoft’s 
announcement  two  weeks  ago 
that  it  intends  to  acquire  con¬ 
ferencing  vendor  PlaceWare 
has  led  many  experts  to  ques¬ 
tion  if  Microsoft  is  shifting  gears 
again. 

Like  Microsoft, Lotus  must  devel¬ 
op  Web  services  interfaces  to  its 
collaborative  components  to 
replace  APIs  that  make  integra¬ 
tion  more  complex.  Also,  only 
one-third  of  the  Domino  install 
base  also  has  WebSphere,  accord¬ 
ing  to  company  officials, so  Lotus 
must  nudge  two-thirds  of  its  install 
base  toward  WebSphere  without 
alienating  them. 

"The  way  things  are  formulated 
I  can  try  things  and  see  if  they 
work,”  says  Jean  Thibodeau,  vice 
president  of  IS  for  Canam  Manac 
Group,  a  Canadian  steel  manu¬ 
facturer.  “But  hopefully  I  don’t 
have  to  decide  between  Notes/ 
Domino  and  WebSphere.  They 
are  complementary’ 

IBM  has  said  its  software  strat¬ 
egy  revolves  around  WebSphere 
and  while  Domino  represents  a 
revenue  stream  in  the  near  term 
it  could  become  a  support  bur¬ 
den  in  the  future. 

“The  Domino  base  is  a  huge 
base, and  that  base  needs  to  con¬ 
tinue  to  build,”  IBM’s  Goyal  said. 
“But  it  is  not  going  to  get  me  a 
billion  users  because  it  is  not 
componentized.”  ■ 
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support  VoIP  The  software  checks  for  pac¬ 
ket  loss,  latency  and  jitter  on  the  links  that 
would  carry  voice. 

Violas  one-time  network  evaluation  ser¬ 
vice  costs  $500.  The  software  costs  about 
$50,000,  depending  on  the  number  of  sites 
in  the  network  and  the  number  of  tests 
supported. 

Separately,  Opnet  announced  a  network 
traffic-analysis  tool,  dubbed  IT  Guru  9.1. 
The  software  lets  network  managers  test 
the  effect  an  application  will  have  on  a  pro¬ 
duction  network  before  rolling  out  the 
application. 

The  software  can  offer  suggestions  on 
how  to  design  network  infrastructure  or 
rewrite  application  code  to  improve  an 
applications  performance  on  the  live 
network. 

Another  vendor,  Allot  Communications, 
showed  a  new  version  of  its  NetEnforcer 
appliance  that  can  enforce  QoS  stan¬ 
dards.  It  also  is  designed  to  help  limit  the 
bandwidth  that  peer-to-peer  applications 
can  grab  on  network  connections. 

Called  NetEnforcer  202,  the  appliance 
will  replace  the  201  model.  New  software 
on  the  box  targets  the  Kazaa  file-sharing 
application  Kazaa  2.0,  known  for  its  band¬ 
width-hogging. 

NetEnforcer  202  will  cost  $5,500  for  a  ver¬ 
sion  with  2M  bit/sec  throughput  and  $7,500 
for  one  with  10M  bit/sec  throughput. 

Also  at  the  show: 

•  Network  World  hosted  an  awards  cer¬ 
emony  for  winners  of  its  2002  User 
Excellence  Award  competition  (see 
www.nwfusion.com,DocFinder:4153.  In 
its  18th  year,  the  program  honors  organi¬ 
zations  that  have  adapted  mainstream 
technologies  creatively  or  have  applied 
newer  infrastructure  technologies  to 
solve  pressing  business  problems. 

Commercial  insurance  firm  Royal  & 
SunAlliance  USA  won  top  honors.  The 
company  crafted  a  money-saving  self-ser¬ 
vice  operating-system  upgrade  program 
that  had  7,000  employees  move  from  Win¬ 
dows  95  to  XP  while  the  IT  team  simulta¬ 
neously  rolled  out  Active  Directory  as  the 
core  of  a  new  identity  management  sys¬ 
tem,  switched  to  a  new  software  distribu¬ 
tion  server  and  implemented  self-service 
password  management. 

Representatives  from  runners-up,  the  U.S. 
Department  of  Veterans  Affairs  and  Wells’ 
Dairy, also  were  on  hand  to  receive  awards. 

•  Attorney  Richard  Wiley  moderated  his 
annual  “town  meeting”  session,  at  which 
Washington  telecom  experts  concluded 
that  regulators  would  continue  to  have 
some  control  over  telephone  rates  after  the 
Federal  Communications  Commission  fin¬ 
ishes  a  review  of  telecom  competition  next 
month. The  experts  stopped  short  of  mak¬ 
ing  specific  predictions, but  agreed  that  the 
less  regulation,  the  better. 


ComNet 

continued  from  page  1 

make  sure  it  doesn’t  spread  to  pneumonia.” 

Web  services  debate 

The  security  theme  that  Mehan  empha¬ 
sized  was  also  evident  also  at  Network 
World's  Web  Services  Showdown,  which 
pitted  representatives  from  BEA  Systems, 
IBM,  Microsoft  and  Oracle  in  a  debate 
about  the  promises  and  reality  of  Web  ser¬ 
vices.  John  Gallant,  Network  World  presi¬ 


tect  and  director  of  strategy  for  applica¬ 
tions  tools. “You  won’t  see  Oracle  out  writ¬ 
ing  a  database  or  tool  for  specific  applica¬ 
tions.  We  want  to  wrap  the  [application] 
layer  with  Web  services  and  offer  any  appli¬ 
cation  as  a  Web  service,”  he  said. 

Agreement  on  standards  for  Web  services 
is  essential  to  success,  the  panelists  said. 
Once  the  technology  is  solidified,  it  should 
rightly  assume  an  unglamorous  role,  said 
Adam  Bosworth,  BEAs  senior  vice  presi¬ 
dent  and  chief  architect  for  advanced 
development.  “It’s  going  to  be  part  of  the 


a  tool  and  let  it  sit  on  the  shelf  collecting 
dust,”  said  Michael  Kennedy,  a  managing 
partner  with  Network  Strategy  Partners. 
“Technology  needs  to  get  integrated  into 
the  business  so  that  it  will  support  [delivery 
of]  end-to-end  services.” 

On  one  panel,  representatives  from  ven¬ 
dors  Packeteer,  RouteScience  Technologies 
and  Peribit  Networks  attempted  to  explain 
how  their  products  could  help  companies 
support  new  applications  without  greatly 
increasing  bandwidth  outlays. 

With  new  traffic  such  as  [voice-over-IP 
(VoIP)]  and  stream¬ 
ing  media,  simply 
getting  a  bigger  pipe 
doesn’t  solve  the 
problem  anymore,” 
said  Todd  Kraut- 
kremer,  vice  presi¬ 
dent  of  worldwide 
marketing  at  Packet¬ 
eer.  He  said  he  fav¬ 
ors  traffic  manage¬ 
ment  and  quality-of- 
service  (QoS)  met¬ 
rics  that  would  pri¬ 
oritize  applications 
such  as  order-entry 
programs  over,  say 
music  file-sharing 
programs. 


ComNet  action  included 
Network  World's  Web  Ser¬ 
vices  Showdown  (top,  left 
to  right)  featuring  BEA 
Systems'  Adam  Bosworth, 
IBM's  Bob  Sutor,  Micro¬ 
soft's  Neil  Charney  and 
Oracle's  Ted  Farrell;  atten¬ 
dees  and  exhibitors  inter¬ 
acting  on  a  uncrowded 
show  floor  (center);  FAA 
CIO  Daniel  Mehan  sharing 
thoughts  on  network  secu¬ 
rity  (bottom,  right);  and 
Network  World's  2002  User 
Excellence  Award  winners, 
Chris  Hee-ley  and  Roger 
Thibodeau,  from  insurance 
company  Royal  & 
SunAlliance  (bottom,  left). 


dent  and  editorial  director,  and  Tony 
Picardi,  senior  vice  president  of  software 
research  at  1DC,  fired  questions  at  vendor 
participants. 

Security  must  be  inherent  in  any  Web  ser¬ 
vices  architecture,  said  Bob  Sutor,  IBM’s 
director  of  Web  services. 

"Businesses  want  to  use  [Web  services] 
to  connect  to  the  Internet  and  to  partners,” 
he  said. “You  want  transactions  with  secur¬ 
ity  and  [to]  not  throw  out  [the  infrastruc¬ 
ture]  you  have.” 

Microsoft’s  Neil  Charney,  director  of  plat¬ 
form  strategy, said  that  while  customers  can 
secure  Web  services  today  using  technol¬ 
og)’  such  as  Secure  Sockets  Layer,  deeper 
security  needs  to  be  built  into  Microsoft 
products.  “You  will  see  security  in  all  our 
products,"  he  said. 

Key  to  Web  services  are  tools  that  let  busi¬ 
nesses  make  their  applications  accessible 
via  the  Web,  says  Oracle's  Ted  Farrell,  archi¬ 


core  plumbing,”  said  Bosworth,  who  cre¬ 
ated  a  minor  stir  when  he  said  that  this 
summer  his  company  plans  to  release  an 
ambitious  new  version  of  its  WebLogic 
Workshop  development  tool  for  Java 
environments. 

More  with  less 

A  theme  running  throughout  the  show 
was  the  need  to  do  more  with  less  to  run 
enterprise  networks. 

The  FAAs  Mehan  lamented  not  being 
able  to  buy  all  the  intrusion-detection, VPN 
and  antivirus  software  he  might  want,  and 
instead  having  to  buy  a  mix  of  what  he 
could  afford. 

Conference  sessions  with  titles  such  as 
“Doing  More  with  Less”  and  “Closing  the 
Deal  on  Peak  Infrastructure  R>rformance” 
attracted  substantial  crowds  and  initiated 
much  discussion. 

"The  days  are  gone  when  you  could  buy 


One  audience  member  asked  the  panel 
how  spending  money  on  their  software  — 
which  can  cost  from  $5,000  and  $50,000, 
depending  on  network  configuration  —  is 
less  expensive  that  doling  out  cash  for 
increasingly  less-expensive  bandwidth. 

“Bandwidth  can  still  be  cheaper  in  some 
cases,  but  it  doesn’t  take  into  account  the 
performance  of  various  applications,” 
Krautkremersaid.“Sometimes  more  band¬ 
width  isn’t  enough  to  support  certain 
applications.” 

Among  other  companies  aiming  to  help 
customers  better  support  new  applications 
was  Viola  Networks,  which  launched  soft¬ 
ware  called  NetAlly  designed  to  gauge  a 
network’s  ability  to  handle  VoIP  traffic. 

The  server  and  agent  software  simulates 
VoIP  traffic  on  customer  networks  before 
IP  telephony  gear  is  installed,  letting  net¬ 
work  executives  determine  how  extensive 
a  network  upgrade  might  be  necessary  to 
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On  diminishing  returns,  robots  and  the  unknowing  seen  at  ComNet. 


On  the  decline 

Dwindling  vendor  and  user 
attendance  was  the  main 
observation  most  show- 
goers  had  about  last 
week's  ComNet.  The 
show  that  once  over¬ 
flowed  the  Washington 
Convention  Center’s 
381,000  square  feet 
now  only  uses  about 
one-third  of  that 

space.  Another  sure  sign  of  deteriorating  vendor 
interest:  The  "Program,  Buyers  Guide  and  New 
Product  Directory,”  which  outlines  sessions  and  ven¬ 
dor  products,  was  81  pages  long  this  year  vs.  169  in  2001  and  199 
in  2000.  One  attendee  said,  “I  was  thinking  vendors  would  pack 
up  [Thursday]  morning  since  it  was  so  empty  on  Wednesday. 
Have  you  heard  anything  about  ComNet  next  year .  . .  will  there 
be  one?"  Good  question. 


PHOTOS  STAN  BAROUH 


Funny  guys 

Vendors  participating  in  Network  World's  Web  Services 
Showdown  tossed  a  few  barbs  at  each  other.  In  one 
exchange,  Microsoft  representative  Neil  Charney  asked 
IBM  representative  Bob  Sutor  how  IBM  managed  to 
make  so  much  money  off  a  free  technology  —  Linux. 
Sutor  replied  that  the  key  was  selling  useful  applications 
on  top  of  the  platform.  "If  you  gave  away  Windows,  you 
could  see  how  it  works,"  he  said. 


Good  vibrations 

Messaging  devices,  yes,  but  you  don't  expect  to  see  elec¬ 
tronic  massaging  devices  at  a  network  trade  show.  But 
there  are  a  lot  of  surprises  in  life.There  was  a  booth 
selling  Rhythm  3000,  a  $500  device  that  the 
maker  can  treat  an  impressive  list  of  ailments: 
diabetes,  back  tension,  fibromyalgia,  stress 
relief,  fatigue,  headaches,  arthritis,  sciatic  nerve 
and  tennis  elbow.  Wonder  what  it  can  do  for  SOL 
worms? 


Gall  me  Sprockit 

There  are  lots  of  pitchmen  at  trade  shows,  but 
NetScaler's  Sprockit  was  the  hands-down  best  at 
ComNet.  Sprockit  is  a  robot  on  wheels  that  stands 
about  four-feet  tall  and  chats  up  the  crowd  as  it 
passes  the  booth.  "Hello,  my  name  is  Sprockit. 
What's  yours?"  it  asks  in  a  flat,  mechanical  voice.  It 
remembers  your  name  and  engages  you  in  conver¬ 
sation  about  what  you  are  doing  at  the  show  or 
whether  you're  visiting  NetScaler’s  booth.  The  ro¬ 
bot  is  remote-controlled  and  equipped  with  a 
microphone  and  video  camera  that  feeds  back  to 
a  human  somewhere  out  of  sight.  Oddly,  many 
people  are  afraid  to  talk  to  the  machine  and 
scurry  away. 

Sprockit,  the  4-foot-tall  remote-con¬ 
trolled  pitchman  for  NetScaler,  tried 
to  drum  up  interest  at  ComNet  Many 
were  intimidated  by  it. 


ComNet  attendees  focus  on 


wireless  security 

Discovery  and  vulnerability  assessment 
access  point  security . . .  security  policy 
enforcement  and  intrusion  detection  all 
must  be  in  place  to  secure  a  wireless 
network. 


■  BY  DENISE  PAPPALARDO 

Wireless  networks  were  a  hot 
topic  of  conversation  at  last 
week’s  ComNet  Conference  & 
Expo,  which  featured  10  sessions 
devoted  to  everything  from  wire¬ 
less  LAN  security  to  3G’s  viability. 


\  I  / 


■  THIS  WEEK'S  QUESTION: 

What  is  the  name  of  the 
first  company  Cisco  has 
announced  plans  to  buy 
this  year? 

Ansvrer  this  and  nine  additional  questions 
onine  and  you  could  win  $500!  Visit 

Netwwi  World  Fiswa  and  enter  2349 
in  the  Search  ^ox. 

i  ww.nwnision.com 


On  the  wireless  LAN  side,  ses¬ 
sions  focused  on  the  security 
flaws  inherent  in  the  802.11b 
specification.  The  IEEE  is  drafting 
a  new  standard  that  will  fix  secu¬ 
rity  holes  that  create  vulnerabili¬ 
ties  in  802.11b  networks  with 
802. Hi.  But  this  specification  is 
not  expected  to  become  final 
until  later  this  year. 

Industry  experts  in  one  session 
had  some  advice  for  users  who 
have  or  want  to  deploy  a  wireless 
LAN:  Take  a  “layered”  approach  to 
security.  Discovery  and  vulnerabil¬ 
ity  assessment,  access-point  secu¬ 
rity  including  media  access  con¬ 
trol  filtering,  user  authentication 
and  encryption,  security  policy 
enforcement  and  intrusion  detec¬ 
tion  must  all  be  in  place  to  secure 
a  wireless  network,  says  Fred  Tan- 
zella,  CTO  at  intrusion-detection 
vendor  AirDefense. 

Tanzella  said  rogue  access 
points  or  physical  thefts  are  com¬ 
mon  risks. 

“Your  best  employee  could  be 
your  biggest  security  risk," 
he  said. 


An  eager  employee  who  in¬ 
stalls  a  wireless  router  in  his 
home  to  work  more  efficiently 
after-hours  is  opening  an  unpro¬ 
tected  hole  on  the  corporate  net¬ 
work,  he  said. 

And  if  a  disgruntled  employee 
or  activist  is  targeting  a  company, 
physical  theft  of  a  laptop  or  PDA 
is  just  as  possible  as  a  random 
hacker  trying  to  access  your  wire¬ 
less  LAN. 

Industry  experts  agreed  that  all 
users  should  have  the  ad  hoc  net¬ 
work  option  turned  off  when  set¬ 
ting  up  their  wireless  LAN  cards.  If 
left  on,  other  wireless  users  could 
use  the  device  as  an  access  point. 
They  also  recommended  that 
businesses  that  deploy  a  compa¬ 
nywide  wireless  LAN  use  VPN 
security  such  as  IP  Security  for 
encryption  and  authentication. 

While  one  attendee  found  this 
session  useful, she  says  she  would 
have  liked  to  have  heard  more 
about  wireless  LANs. 

“1  was  looking  for  real-world 
solutions  to  assist  with  running 
my  business  better,”  says  Mary 


Stadelbacher,  president  of  com¬ 
puter  consulting  company  Pionus 
Creations  in  Salisbury,  Md.“I  want¬ 
ed  to  hear  more  about  new  imple¬ 
mentations  of  802.11,  products, 
security,  troubleshooting  tips. 
Whatever  would  give  me  a  good 
[return  on  investment]  of  my  time 
and  would  benefit  my  clients  the 
most.” 

With  the  promise  of  much 
faster  data  rates,  3G  has  been 
hailed  as  a  breakthrough  for  end 
users.  But  full  3G  support  still  isn’t 
available  in  most  locations  and 
carriers  continue  to  pull  in  the 
reigns  on  3G  network  rollouts. 
AT&T  Wireless  Services  last 
month  scaled  back  its  3G  deploy¬ 


ment  plans. 

The  International  Telecommu¬ 
nications  Union  says  3G  services 
should  support  144K  bit/sec 
mobile  rates,  384K  bit/sec  sta¬ 
tionary  mobile  rates  and  up  to 
2M  bit/sec  fixed  rates.  But  ana¬ 
lysts  at  the  show  agreed  these  are 
ideal  rates.  One  user  will  not  see 
144K  bit/sec,  but  possibly  up  to 
100K  bit/sec. 

While  it’s  not  clear  if  3G  will 
provide  the  wireless  infrastruc¬ 
ture  to  offer  business  and  con¬ 
sumer  users  a  data  experience 
similar  to  their  desktops,  it  is 
clear  that  the  carriers  already 
have  invested  too  much  in  the 
technology  to  turn  back  now.  ■ 
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m  TCP/IP,  LAN/WAN  SWITCHES 

■  ROUTERS  ■  HUBS 

■  ACCESS  DEVICES  ■  CLIENTS 

■  SERVERS  ■  OPERATING  SYSTEMS 

■  VPNS  ■  NETWORKED  STORAGE 


■  Cubix  has  launched  a  dual  Xeon- 
based  blade  server  with  support  for 
RAID  5,  Windows  2003,  SOL  Server 
and  Linux  systems.  The  company's 
blade,  the  BladeStation  XP4,  which 
uses  2.8-GHz  Xeon  processors,  sup¬ 
ports  as  many  as  four  147G-byte  hot- 
pluggable  drives.  It  also  supports  as 
much  as  8G  bytes  of  RAM  and  has 
four  PCI-X/PCI  slots,  dual  10/100M 
bit/sec  Ethernet  connections,  a 
10/100/1, 000M  bit/sec  Ethernet  adapter 
and  an  integrated  keyboard-video- 
mouse  switch.  The  BladeStation 
enclosure  is  6U  high  and  could  con¬ 
tains  three  blades  and  redundant,  hot- 
swappable  power  supplies.  The 
BladeStation  XP4  starts  at  $2,600  and 
is  expected  to  ship  in  February. 
www.cubix.com 

■  Wireless  LAN  vendor  Proxim  last 
week  cut  prices  by  almost  one-third 
for  its  Orinoco  wireless  LAN  access 
points  and  introduced  an  access  point 
using  the  54M  bit/sec  IEEE  802.1 1g 
standard.  The  company  lowered  the 
price  of  its  main  enterprise  access 
point,  the  Orinoco  AP-2000,  from 
$900  to  $600.  The  AP-2000  is  a  two- 
slot  access  point  that  can  hold  11M 
bit/sec  802.11b  adapters  and,  by 
attaching  a  separate  kit,  54M  bit/sec 
802.11a  adapters.  The  AP-2500,  de¬ 
signed  as  combination  access  point 
and  gateway  to  be  deployed  quickly 
for  public  wireless  hot  spots,  is  now 
$800,  down  from  $1,100. 

The  new  Proxim  11g  Kit,  which 
will  ship  in  the  second  quarter  of 
2003,  is  based  on  the  draft  IEEE  stan¬ 
dard  known  as  802 . 1 1  g.  This  standard 
takes  the  same  radio  frequency  as 
802.11b,  the  2.4-GHz  band,  but  uses  a 
different  modulation  scheme  to  boost 
the  data  rate  to  54M  bit/sec.  The  new 
product  will  let  network  managers 
boost  2.4-GHz  throughput  for  a  user 
if  the  user  devices  also  are  equipped 
with  corresponding  802.11g  adapters. 
The  kit,  which  attaches  to  the  AP- 
2000,  is  the  first  of  several  802.1 1g 
products,  according  to  Proxim. 
Suggested  retail  price  is  $150. 
www.proxim.com 


Lessons  from  Leading  Users 


School  solves  videoconferencing  puzzle 


■  BY  TIM  GREENE 

Five  years  ago,  the  Imperial 
County  Office  of  Education 
in  El  Centro,  Calif.,  had  a 
vision  to  put  videoconferencing 
into  every  classroom  in  its  56 
schools,  but  it  wasn’t  until  last  year 
that  it  solved  a  key  problem:  get¬ 
ting  the  video  traffic  to  go  through 
firewalls  easily 

Now,  with  the  installation  of  gear 
from  Ridgeway  Systems,  traffic 
can  pass  through  the  firewalls  that 
protect  the  independent  networks 
at  each  of  the  17  school  districts 
within  the  county.  This  might 
prove  to  be  the  last  major  obstacle 
to  video  deployment,  says  Alan 
Phillips,  the  district’s  videoconfer¬ 
encing  specialist. 

“We  were  close  to  being  dead 
with  IP  video,”  he  says,  because  of 
unforeseen  problems  getting  fire¬ 
walls  properly  configured  to  allow 
incoming  video  calls.  And,  given  the 
high  cost  of  ISDN  as  an  alternative,  IP 
was  the  only  economically  feasible 
answer. 


Getting  video  through  firewalls 

Imperial  County,  Calif.,  schools  use  Ridgeway  IPFreedom  gear  to 
clear  the  way  for  video  traffic  as  it  crosses  through  firewalls  across 
sites.  This  example  shows  the  central  school  site  and  one  other  site. 


An  IPFreedom  client  behind  a  firewall  connects 
to  the  IPFreedom  Server  behind  another  firewall, 


IPFreedom  server 


All  video  traffic  passes  through  the  TCP 
connection  and  through  a  user  datagram 
protocol  (UDP)  port  in  the  firewall  that 
the  IPFreedom  client  opens  as  needed. 


Videoconferencing  units  are  configured  to  use  their  local 
IPFreedom  device  as  the  gatekeeper  for  making  video 
connections.  The  IPFreedom  client  and  server  proxy  the 
Polycom  FX  videoconferencing  system  gatekeeper. 


One  problem  wasn’t  technical;  it  had 
to  do  with  jurisdiction.  Phillips  was  in 
charge  of  a  countywide  teleconferenc¬ 
ing  project  to  be  run  over  an  evolving 


Gigabit  Ethernet  fiber  ring  that  the 
schools  lease  from  the  local  water  dis¬ 
trict.  Each  school  district  is  connected 

See  School,  page  20 


Versatile  IP  PBX  on  tap  from  Zultys 


■  BY  PHIL  HOCHMUTH 

SUNNYVALE,  CALIF  —  Zultys  Technolo¬ 
gies  last  week  made  its  debut  with  its 
MX  1200  IP  telephony  server  —  or  IP  PBX 
—  aimed  at  replacing  circuit-switch  phone 
networks  in  small  and  midsize  businesses. 

The  MX  1200  could  be  used  to  combine 
voice  and  data  onto  a  single  LANAVAN  in¬ 
frastructure  while  integrating  applications 
such  as  instant  messaging,  voice  mail  and 
e-mail  on  corporate  desktops.The  IP  PBX  is 
based  on  an  embedded  Linux  operating 
system  from  Monta  Vista  Linux,  and  runs 
Session  Initiation  Protocol  (SIP), an  emerg¬ 
ing  voice-over-IP  (VoIP)  call  control  and 
application  protocol  technology 

Some  industry  observers  consider  SIP  to 
be  the  successor  to  proprietary  call  control 
technologies,  and  previous  VoIP  standards 


such  as  H.323  and  Media  Gateway  Control 
Protocol. 

The  MX  1200  will  compete  against  prod¬ 
ucts  such  as  3Com’s  NBX;  Alcatel’s  Omni- 
PCX  4400;  Avaya’s  IP600,  S8700  and  S8300 
IP  PBXs;  Cisco’s  CallManager;  Mitel’s  3300 
Integrated  Communications  Platform;  Nor¬ 
tel’s  Business  Communication  Manager 
and  CSE  1000;  Shoreline  Communications’ 
ShoreGear  converged  voice  switches;  and 
Siemens’  HiPath  IP  PBX. 

The  MX  1200  could  sit  in  a  remote  office 
and  act  as  a  multifunction  device  with 
PBX,  routing  and  switching  support.  The 
box  also  could  attach  to  a  LAN  backbone 
or  data  center  at  a  corporate  headquarters. 

A  single  MX1200  supports  20  to  1,200 
users,  and  four  boxes  can  be  networked 
together  —  locally  or  over  a  WAN  —  to  sup¬ 
port  4,800  users.The  box  has  an  integrated 


28-port  10/100M  bit/sec  LAN  switch  (12  of 
which  have  802.3af-based  in-line  AC 
power),  eight  T-l/E-1  ports  and  a  single 
long-reach  (1.2-mile  range)  100Base-FX 
fiber  Ethernet  port.  The  device  also  comes 
with  eight  analog  ports  for  connecting  fax 
machines,  analog  teleconference  equip¬ 
ment  or  simple  phones.  Two  copper-based 
Gigabit  Ethernet  connections  also  are  in¬ 
cluded  for  linking  MX  1200  devices  to  each 
other,  or  to  a  larger  LAN  switch.  Up  to  400 
hours  of  voice  mail  can  be  stored  on  an 
integrated  hard  drive. 

The  MX  1200  supports  quality-of-service 
(QoS)  protocols  such  as  Layer  2  802. Ip 
and  802. IQ  priority,  and  virtual  LAN  tag¬ 
ging,  and  Layer  3  Differentiated  Services 
functions.  Prioritizing  VoIP  traffic  with  these 
QoS  settings  could  help  improve  voice 
See  Zultys,  page  20 
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Managing  mobility  can  be  challenging. 
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That’s  why  there’s  Windows  XP  and  Office  XP. 


Recognize  any  of  those  issues?  Or,  perhaps,  all  of  them?  We  thought 
so.  Many  of  these  issues  can  be  related  to  your  legacy  desktop 
software.  Fortunately,  many  of  them  can  be  addressed  by  features  in 
Microsoft*  Windows*  XP  Professional  and  Office  XP  Professional. 
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Want  specific  examples?  Windows  XP  Professional  offers  new 
Remote  Assistance,  which  enables  you  to  view  a  user’s  screen  and 
control  the  user’s  computer  to  solve  technical  problems  from  afar. 
Office  XP  Professional  gives  you  installation  support  for  HTTP, 


HTTPS,  and  FTP,  which  means  you  can  install  and  maintain  the  suite 
directly  from  a  Web  server  or  a  file  share  on  your  network.  And  finally, 
several  new  features  make  deployment  easier  than  ever.  For  more 
ideas  about  managing  your  desktops,  visit  microsoft.com/desktop 
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Infrastructure 


www.nwfusion.com 


SQL  Slammer  attack  reveals  reliability  reality 


To  have  the  same  number  of  takeoffs 
and  landings  and  never  have  my 
name  in  the  paper. 

1  received  that  well-practiced  answer 
when  1  asked  a  commercial  wide-body 
pilot  nearing  retirement  what  his  goals  had 
been  during  his  nearly  30  years  flying.  His 
credo  came  to  mind  when  1  saw  the  SQL 
Slammer  virus  in  the  news.  I  thought  ven¬ 
dors  of  key  IT  infrastructure  should  have 
the  same  goals:  no  major  crashes  and  stay¬ 
ing  out  of  the  headlines. 

My  pilot  friend  understood  implicitly  that 
he  was  part  of  the  transportation  infrastruc¬ 
ture  and  that  “boring  was  beautiful.”  Every 
element  of  the  aircraft,  the  flight  proce¬ 


dures  and  even  personnel  assignment 
were  centered  on  maximizing  reliability 
and  thus  safety.  IT  infrastructure  vendors 
need  to  be  thinking  the  same  way 

Of  course,  with  Microsoft  as  the  spiritual 
leader  of  the  IT  software  industry  that’s  not 
likely  to  happen.  And,  despite  Bill  Gates’ 
mea  culpa  and  his  fireworks  about 
Trustworthy  Computing,  he  has  succeeded 
in  lowering  the  standards  of  what  Fortune 
1000  firms  will  accept  for  critical  infrastruc¬ 
ture  to  the  point  that,  although  it  appears 
that  he  still  is  fighting  the  battle,  he  won  the 
war  a  long  time  ago. 

According  to  reports,  the  security  hole  in 
Microsoft  SQL  Server  prevented  Continen¬ 
tal  Airlines  from  booking  reservations  and 
locked  its  hub  in  Newark,  N.J.  At  Bank  of 
America,  customers  couldn’t  access  about 
13,000  ATMs  on  the  company’s  network 
(www.nwfusion.com,  DocFinder:  4132). 

Think  back  to  the  mid-1980s  when  sys¬ 
tems  like  these  were  running  on  IBM  main¬ 
frames.  How  many  times  did  you  see  MVS, 


CICS.VTAM  or  DB2  in  the  news?“VTAM  bug 
causes  Bank  of  America  ATM  network  to 
crash!”Try  —  never. 

If  it  did,  the  Gordon  Bethunes  (Contin¬ 
ental’s  CEO)  of  that  era  would  have  been  on 
the  phone  with  IBM’s  chairman  and  most 
likely  would  make  public  statements  de¬ 
nouncing  IBM  for  putting  their  businesses  at 
risk.  A  Bill  Gates  “Oops,  I’m  sorry”  wouldn’t 
have  cut  it. 

But  these  massive  system  failures  just 
didn’t  happen.  IBM’s  software  infrastructure 
elements  were  not  household  names.They 
just  ran.  But  they  were  built  with  a  very  dif¬ 
ferent  philosophy;  reliability  always  trum¬ 
ped  feature  delivery 

I  remember  visiting  IBM’s  Networking 
Division  briefing  center  in  the  mid-1980s 
and  seeing  a  network  running  IBM’s  next 
release  of  VTAM  for  MVS.  (For  those  of  you 
not  old  enough  to  remember,  VTAM  was 
IBM’s  flagship  network  software.) 

Key  features  that  we  needed  appeared  to 
be  working  quite  well, and  1  was  anxious  to 


get  the  new  version  in  and  running.  I  re¬ 
member  the  answer  to  my  query:“Eighteen 
months.”  I  was  crestfallen.  This  was  how 
long  it  would  take  to  complete  the  level  of 
integration  testing  appropriate  for  a  core 
infrastructure  component. 

Even  IBM’s  beta  programs  were  well- 
thought-out.  Only  sites  that  had  specific 
characteristics  were  invited  to  participate. 
This  practice  contrasts  with  Microsoft’s“law 
of  large  numbers”  approach  —  throw  your 
beta  code  at  enough  people,  and  they’ll 
likely  discover  most  of  the  flaws. 

Even  Microsoft’s  “Service  Pack"  approach, 
through  which  hundreds  of  modules  can 
be  affected,  is  different  from  IBM’s  surgical 
approach  to  maintenance  for  key  infra¬ 
structure  software.  Service  packs  are  just  as 
likely  to  cause  a  problem  as  to  fix  one. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Manasquan,  N.J.  He  can  be 
reached  at  ktolly@tolly.com. 


NetVmg  ups  ’Net  performance 


■  BY  TIM  GREENE 

FREMONT,  CALIF —  NetVmg  is  boosting 
its  hardware  and  software  platform  in  an 
effort  to  help  businesses  better  control 
costs  and  improve  Internet  performance. 

The  Flow  Control  Platform  100  and  FCP 
500  appliances  are  meant  for  smaller  sites 
that  aren’t  likely  to  grow  significantly.  Both 
are  fixed-configuration  boxes  with  15M 
and  50M  bit/sec  throughput,  respectively 
NetVmg’s  earlier  gear  was  modular,  with 
expansion  slots  for  adding  capacity  as  net¬ 
work  links  grew. 

Like  their  larger  siblings,  the  two  devices 
sit  behind  corporate  firewalls  and  act  as 
routing  peers  with  WAN  routers  that  con¬ 
nect  to  more  than  one  ISRa  setup  known 
as  multihoming.  FCPs  monitor  traffic  flows 
in  and  out  of  corporate  sites  to  determine 
the  delay  the  traffic  experiences  and 
whether  one  of  the  other  ISPs  the  compa¬ 
ny  is  connected  to  can  supply  faster  or 
less-expensive  service.  The  FCP  then  in¬ 
structs  corporate  routers  to  use  the  cho¬ 
sen  ISP 

Users  can  set  policies  so  the  boxes 


Zultys 

continued  from  page  17 

quality  over  a  LAN  or  WAN,  the  company 
says.  The  box  also  can  act  as  a  router,  with 
support  for  Open  Shortest  Path  First  proto¬ 
col  and  Routing  Information  Protocol. 

On  the  client  side,  the  MX  1200  comes 
with  SIP-based  desktop  software  called 
MX1E,  which  combines  an  instant-messag¬ 
ing  client,  corporate  directory  and  pres¬ 
ence  application.  Users  can  make  calls 
from  the  MX1E  client  by  clicking  on  contact 
names  in  the  application,  which  rings  the 
SIP-based  phones  on  the  caller  and  recipi- 


choose  the  best-performing  link  or  the 
least-expensive  link.  Part  of  NetVmg’s  soft¬ 
ware  upgrade,  called  FCP  3.0,  includes  cre¬ 
ating  a  better  balance  between  perfor¬ 
mance  and  cost. 

A  feature  of  FCP  3.0  called  Intelli^ 
Choice  can  shift  low-performing  traffic  to 
a  better  connection  and  also  shift  some 
traffic  off  that  better  connection  to  keep 
the  total  load  on  that  link  from  peaking 
at  a  higher  cost  level.  Before  it  makes  the 
shifts,  the  FCP  software  makes  sure  that 
the  traffic  being  shifted  away  will  per¬ 
form  as  well  on  the  other  link,  the  com¬ 
pany  says. 

FCP  3.0  also  can  better  determine  which 
Border  Gateway  Protocol  changes  to  make 
so  it  doesn’t  divert  more  traffic  than  neces¬ 
sary  The  benefit  is  that  the  device  won’t 
overcorrect  and  reroute  traffic  that  was  per¬ 
forming  well,  NetVmg  says. 

NetVmg  competes  against  other  route 
control  vendors,  including  Proficient  Net¬ 
works  and  Sockeye  Networks. 

FCP  100  costs  $25,000,  and  FCP  500  costs 
$60,000.They  are  available  now. 

NetVmg:  www.netvmg.com 


ent  end. 

Zultys  does  not  sell  SIP  phones,  but  its 
product  is  interoperable  with  phones 
such  as  Cisco’s  SIP-enabled  7960  IP 
phone,  and  SIP  phones  from  IP  Dialog, 
Pingtel  and  Snom.A  Microsoft  XP  desktop 
PC  outfitted  with  a  headset  and  running 
the  SIP-based  Windows  Messenger  appli¬ 
cation  also  can  be  used  as  an  endpoint 
with  an  MX  1200. 

The  MX  1200  is  available  now  and  costs 
about  $212,000  fora  1,200-user  system,  or 
about  $177  per  user  without  phones.  IP 
phones  from  supported  manufactures 
range  in  price  from  $200  to  $1,000.B 


School 

continued  from  page  17 

to  the  ring,  and  each  district’s  network  is 
run  autonomously  So  Phillips  had  no 
authority  to  choose  a  standard  firewall 
between  each  district  and  the  common 
WAN  or  to  order  that  the  various  in¬ 
stalled  firewalls  be  set  to  accept  incom¬ 
ing  video  calls. 

Initiating  a  videoconference  requires 
the  calling  machine  to  connect  with  the 
receiving  machine.  But  if  firewalls  are  in 
between,  they  can  cause  problems  in 
two  ways.  First, the  firewall  protecting  the 
machine  being  called  will  block  the  ini¬ 
tial  incoming  message  as  unsolicited 
traffic.  Second,  both  firewalls  might  be 
translating  private  LAN  IP  addresses  into 
public  IP  addresses,  which  can  create 
discrepancies  between  packets’  internal 
and  header  addresses,  causing  them  to 
be  dropped.  IP  voice  creates  similar 
problems. 

Even  in  trials  with  Polycom  View- 
Station  FX  videoconferencing  units  in 
which  Phillips  controlled  the  firewalls, 
configuring  the  firewalls  was  tricky. 
Although  he  set  his  Cisco  PIX  firewalls  to 
allow  the  video  traffic  in  and  out,  perfor¬ 
mance  glitches  arose.  Sometimes,  just 
audio  would  get  through,  but  no  video. 
He  tried  installing  an  Accord  videocon¬ 
ferencing  bridge  to  traverse  the  firewall, 
but  that  required  a  more  complicated 
dialing  plan  that  end  users  could  not 
adapt  to,  he  says.  It  required  them  to  fig¬ 
ure  out  what  network  the  receiving 
machine  resided  on  and  to  use  the 
appropriate  prefixes. 

Another  way  around  the  problem  was 


dedicating  a  physical  port  on  each  dis¬ 
trict’s  WAN  switch  to  videoconferencing, 
but  that  would  have  been  too  much 
work  and  burned  the  port  for  other  uses, 
Phillips  says. 

When  he  heard  about  Ridgeway,  he  set 
up  a  demonstration  of  its  IPFreedom 
software  between  a  PC  in  his  office  that 
was  equipped  with  Fblycom’s  ViaVideo 
gear  and  a  PC  at  Ridgeway’s  office.  He 
downloaded  a  Ridgeway  client  to  his  PC 
and  says  that  in  minutes  he  set  up  a 
videoconference  with  the  Ridgeway  rep¬ 
resentative. 

Ridgeway  gear  consists  of  client  soft¬ 
ware  called  IPFreedom  Client,  which 
runs  on  PCs  or  servers  behind  firewalls, 
and  IPFreedom  Server,  which  oversees 
all  the  clients  in  a  user’s  network.  The 
clients  establish  persistent  TCP  sessions 
with  a  central  Ridgeway  IPFreedom  Ser¬ 
ver.  The  videoconferencing  gear  at  each 
site  is  pointed  at  the  local  device  run¬ 
ning  the  Ridgeway  software,  and  the 
clients  and  server  in  tandem  act  as  a 
proxy  to  get  traffic  through  the  firewalls. 

Because  they  have  an  established  TCP 
session,  their  call  notifications  can  get 
through  the  firewalls  without  being 
blocked.  Once  a  call  is  in  progress,  the 
equipment  uses  just  two  firewall  ports  to 
shuttle  traffic  through.  The  software  has 
the  intelligence  to  translate  IP  addresses. 

About  100  ViaVideo  units  are  distrib¬ 
uted  among  the  Imperial  County 
schools,  and  the  schools  have  bought 
Ridgeway  server  software  for  about 
$65,000.  The  clients  are  free  and  are 
installed  on  servers  inside  district  fire¬ 
walls.  Server  capacity  is  priced  by  the 
number  of  endpoints  it  supports  — 
$150  for  an  IP  voice-only  endpoint  and 
$300  for  a  video  endpoint,  the  com¬ 
pany  says.  ■ 


The  world’s  fastest  workgroup  color  printer  has  arrived. 
The  Xerox  Phaser®  7300.  You’d  better  hang  on. 
There’s  a  new  way  to  look  at  it. 


Now  color  speeds  through  any  office  at  30  ppm. 

The  Xerox  Phaser®  7300  tabloid  color  printer 
beats  all  speed  records  for  workgroup  color 
printing.*  And  at  37  ppm  black  and  white,  it 
eliminates  the  need  for  multiple  printers. 
You  get  consistent  2400-dpi  color  that’s  always 
bright,  sharp  and  brilliant.  The  Phaser  7300 


automatically  selects  the  correct  paper  size 
for  any  job,  up  to  12  x  18.  So  experience  a 
colorful  flurry  of  productivity  with  the 
Phaser  7300.  Or  let  your  office  soar  with  our 
full  line  of  reliable,  award-winning  network 
printers  by  calling  1-800-362-6567  ext.  1930 
or  visiting  xerox.com/officeprinting/bird1930 
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IBM  steps  up  content  mgmt.  play 

Government  regulations  reinforce  need  to  control  corporate  data, 


■  BY  ANN  BEDNARZ 

ARMONK,  N.Y.  —  Tougher  document 
archiving  regulations  —  plus  increased 
government  scrutiny  of  business  docu¬ 
ments  —  are  generating  new  interest  in  an 
old  technology:  content  management. 

Government  regulatory  requirements  for 
archiving  and  purging  business  documents 
have  companies  looking  to  get  a  handle 
on  electronic  content  to  make  sure  they’re 
in  compliance.  Other  factors  driving  inter¬ 
est  in  content  management  include  com¬ 
panies’  desire  to  consolidate  content 
sources  and  link  disparate  application  and 
database  repositories.  In  addition, many  are 
trying  to  comply  with  partner  requests  to 
exchange  product  information  electroni¬ 
cally  which  requires  getting  their  content 
house  in  order. 

That’s  where  companies  such  as  IBM  are 
looking  to  cash  in. 

Big  Blue  this  year  will  double  its  content 


Takes 


■  Gores  Technology  Group  last  week 
said  it  would  acquire  application  and 
traffic  monitoring  software  maker 
Resonate  for  about  $53  million.  While 
the  stock  transaction  will  be  subject 
to  customary  regulatory  and  Res¬ 
onate  stockholder  approvals,  GTG 
says  it  expects  the  deal  to  close  in  the 
second  quarter  of  2003.  Until  then, 

GTG  plans  to  distribute  Resonate 
products,  such  as  its  Commander  line 
of  application  performance  manage¬ 
ment  software,  via  the  Aprisma  sales- 
force.  GTG  in  August  purchased  net¬ 
work  management  software  maker 
Aprisma  from  its  then-Cabletron-sib- 
ling  Enterasys.  Aprisma  makes  its 
Spectrum  network  management  soft¬ 
ware,  which  the  company  says  man¬ 
ages  service  levels  across  network, 
systems  and  applications.  Resonate 
develops  application  performance 
management  software  that,  when  cou¬ 
pled  with  Aprisma's  Spectrum  portfo¬ 
lio,  will  give  customers  tools  to  man¬ 
age  the  growing  wave  of  Web  services. 


management  salesforce  and  increase  re 
search  and  development  efforts  by  25%, 
says  Deb  Taufen,  director  of  marketing  for 
enterprise  content  management  at  IBM. 
That  investment  comes  after  a  strong  year 
for  the  division.  In  2002,  IBM’s  digital  con¬ 
tent  management  portfolio,  which  is  part  of 
its  DB2-anchored  data  management  busi¬ 
ness,  posted  a  29%  revenue  increase  for  the 
fourth  quarter  over  year-ago  figures,  and  a 
26%  increase  for  the  year. 

“We’re  seeing  a  lot  of  momentum,”  Taufen 
says.  “There’s  a  lot  of  interest  from  cus¬ 
tomers  who  have  gotten  control  of  their 
structured  information  and  now  want  to 
extend  that  to  better  manage  all  of  the  con¬ 
tent  within  their  organization.” 

And  while  the  outlook  for  many  soft¬ 
ware  sectors  remains  glum,  content  man¬ 
agement  is  attracting  the  attention  of  com¬ 
panies.  In  the  most  recent  edition  of 
Morgan  Stanley’s  ongoing  CIO  Survey 
series,  33%  of  225  CIOs  surveyed  said  doc¬ 
ument  and  content  management  is  a  pri¬ 
ority.  It  ranked  third  —  after  security  (40%) 
and  employee  portal  (36%)  —  in  software 
spending  priorities. 

Content  management  is  a  broad  term 
that  covers  many  distinct  technologies  for 
organizing  and  publishing  information,  in¬ 
cluding  structured  information  from  a 
database  and  unstructured  information 
such  as  audio  or  video  files.  It  encom¬ 
passes  document  management,  which  per¬ 
tains  to  organizing,  routing  and  managing 
typical  business  documents;  Web  content 
management,  which  tackles  creating,  stor¬ 
ing  and  publishing  Web  site  material;  digi¬ 
tal  asset  management,  for  storing  assets 
other  than  text,  such  as  graphics,  photos 
and  video;  and  records  management,  for 
electronic  record-keeping  oversight. 

IBM  —  and  others  —  are  looking  to  cap¬ 
italize  on  a  market  that  grew  up  piecemeal, 
according  to  analysts. 

In  the  past,  companies  adopted  content 
management  systems  to  solve  a  specific 
need.  A  retailer  might  have  had  technology 
for  dealing  with  catalog  content,  and  then 
in  the  rush  to  establish  an  online  presence, 
built  a  new  system  for  Web  content  inde¬ 
pendent  of  the  old  system  says  Jim  Murphy 
senior  analyst  at  AMR  Research.  Today, 
companies  want  to  deal  with  all  their  con¬ 
tent  in  an  integrated  fashion  and  adminis¬ 
ter  fewer  applications. 

IBM  approaches  the  market  as  a  database 
expert,  Murphy  says.  Its  pitch  is  that  the 


Power  play 

IBM  is  paying  more  attention  to 
the  content  management  market. 

Strengths 

•  Database  expertise. 

•  WebSphere,  Lotus  groupware 
resources. 

•  IBM  marketing  muscle  and 
development  dollars. 

Challenges 

•  No  true  Web  content  management 
offering. 

•  Limited  document  management 
features  compared  with  competition. 

•  Incomplete  coordination  among 
DB2,  Lotus  and  WebSphere  brands. 

underlying  database  technology  on  which 
IBM’s  Content  Manager  line  is  built, can  rec¬ 
oncile  disparate  Web  content,  document 
and  digital  asset  management  systems.The 


■  BY  ELLEN  MESSMER 

SAN  MATEO,  CALIF  —  Start-up  Sana 
Security  this  week  will  introduce  software 
it  says  can  learn  normal  server  activity  and 
detect  or  block  abnormal  behavior, such  as 
buffer-overflow  attempts,  which  aims  to 
subvert  the  server's  security 

The  company’s  Primary  Response  offer¬ 
ing  is  one  of  a  new  breed  of  behavior¬ 
blocking  products  that  have  been  proven 
capable  of  stopping  new  and  unidentified 
attacks  —  in  contrast  with  signature-based 
defense,  which  depends  on  a  specific 
attack  definition.  The  downside  of  behav¬ 
ior-blocking  technology  is  that  it  can 
require  a  lot  of  management  to  make  it 
work.  Sana  says  its  product,  which  starts  at 
$6,500,  spares  the  administrator  the  man¬ 
agement  burden  because  Primary  Re¬ 
sponse,  which  runs  on  Sun  Solaris  and 
Microsoft  Windows  servers,  uses  artificial 


database  angle  unifies  all  of  those  systems, 
so  a  company  could  save  all  kinds  of  assets 
in  the  same  database,”  he  says. 

IBM  isn’t  the  only  database  vendor  with 
its  sights  set  on  content  management. 
Oracle  and  Microsoft  also  are  interested 
and  bring  database  and  search  technolo¬ 
gies  to  the  table,  Murphy  says. 

The  three  companies  are  encroaching  on 
the  content  management  market  by  beef¬ 
ing  up  their  database  products,  which  can 
store  document  content,  digital  assets,  Web 
content  and,  in  some  cases,  XML  content, 
Murphy  says.  The  database  vendors  also 
have  built  in  better  search,  versioning  and 
access  control  features.  “Those  functions 
are  no  longer  necessary  from  the  content 
management  vendors,"  he  says.“IBM,  Micro¬ 
soft  and  Oracle  all  are  eating  away  at  the 
bottom  of  the  market.” 

Nonetheless,  Murphy  says  IBM  is  not  yet 
viewed  as  a  direct  competitor  to  pure-play 
document  management  vendors  such  as 
Documentum  or  FileNet.  Its  offerings  are 
still  immature  and  best-suited  for  compa¬ 
nies  with  a  big  investment  in  IBM  or  a  little 

See  IBM,  page  24 


intelligence  to  monitor  and  learn  individ¬ 
ual  server  communication  patterns. 

According  to  Sana’s  founder  and  chief 
scientist, Steven  Hofmeyr.the  administrator 
loads  the  Primary  Response  agent  onto  the 
server  and  decides  whether  to  have  suspi¬ 
cious  activity  reported  to  the  Primary 
Response  console  or  blocked.  Beyond  that, 
there’s  no  need  to  configure  it.  But  it  does 
take  a  while  for  Primary  response  to  deter¬ 
mine  what  is  to  be  considered  typical,  legit¬ 
imate  activity 

These  software  agents  are  profiling  the 
normal  behavior  of  the  server  program 
and  the  operating  system,”  Hofmeyr  says.“lt 
starts  off  ignorant,  but  in  a  day  or  two,  it 
knows  what  to  do  and  has  a  means  of 
detecting  when  the  system  is  using  some¬ 
thing  not  normally  used.” 

Some  customers,  including  home  and 
garden  retailer  Smith  &  Hawken  in  Novato, 

See  Sana,  page  24 


Sana  Security  claims 
cure  for  server  intrusion 
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We  did  not  get  far  into  the  new  year 
before  the  inevitable  happened. 
Yet  another  fast-spreading  worm 
struck  a  Microsoft  product,  bogging 
down  big  chunks  of  the  Internet  and  tak¬ 
ing  a  few  tens  of  thousands  of  servers  off 
the  'Net.  Like  the  last  few  times,  this 
attack  would  have  been  prevented  if 
managers  of  Microsoft  systems  had  only 
kept  them  up  to  date  by  applying  the  lat¬ 
est  security  fixes. 

It  only  took  20  minutes  after  the  attack 
started  about  at  12:30  a.m.  EST  Saturday, 
Jan.  25,  for  the  first  message  about  it  to 


Familiar  welcome  to  the  new  year 


show  up  on  the  North  American  Network 
Operators  Group  mailing  list  (www. 
nanog.org/mailinglist.html).  At  1:28  a.m., 
the  fact  that  the  attack  abused  User 
Datagram  Protocol  (UDP)  Port  1434  was 
posted,  which  was  enough  information  for 
most  network  operators  to  know  what  to 
do  to  block  the  impact. 

The  notification  came  too  late  to  have 
much  of  an  effect  on  propagation 
because  most  of  the  worldwide  spread 
seemed  to  happen  within  the  first  few 
minutes.  Information  about  the  attack  and 
how  to  fight  it  did  not  propagate  as  fast  as 
the  attack,  but  was  available  long  before 
most  network  managers  woke  up  and  fig¬ 
ured  out  they  were  under  attack. 

This  worm’s  propagation  speed  was  a 
testament  to  Microsoft’s  success  in  the 
marketplace  and  a  poster  child  for  the 
fact  that  there  is  no  reason  to  be  sanguine 
about  the  ability  of  the  Internet  or,  more 


particularly,  the  systems  on  ’Net  to  resist  a 
concerted  attack.  The  software  monocul¬ 
ture  of  today’s  Internet  and  the  unwilling¬ 
ness  of  system  operators  to  do  what  is 
needed  to  keep  their  systems  up  to  date 
securitywise  mean  that  this  is  far  from  the 
last  successful  attack  we  will  see. 

System  operator  unwillingness  seems  to 
be  the  result  of  a  number  of  factors:  the 
frequency  of  updates;  an  assumption  that 
updates  should  not  be  done  when  they 
come  out  because  they  might  introduce 
more  bugs  than  they  fix;  and  the  disrup¬ 
tion  required  when  an  update  is  done. 

In  the  spectrum  of  attacks,  this  was  quite 
benign.  Installing  the  patch  you  already 
should  have  installed  and  rebooting  did 
the  trick;  no  rebuilding  disks  from  scratch 
and  hoping  that  the  backups  would  work. 
So  whoever  launched  this  worm  was  after 
disruption,  not  destruction.  Someone  with 
a  touch  more  malice  in  his  heart  would 
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bit  of  time  to  wait  for  IBM  to  build  out  its 
product  set,  he  says. 

Inside  IBM.  developers  are  working  to 
gel  its  content  management  offerings,  Tau- 
fen  says. 

One  new  area  for  IBM  is  records  manage¬ 
ment.  In  November,  IBM  bought  Tarian 
Software  for  its  records  management  and 
e-mail  archive  infrastructure.  Tarian’s  soft¬ 
ware  doesn’t  store  content,  but  it  applies 
policies  and  rules  for  capturing,  retaining 
and  disposing  of  information  to  all  a  com¬ 
pany’s  applications  that  store  content. 

IBM  has  tied  the  Tarian  software  to  its 
Content  Manager  suite,  Taufen  says.  This 
year,  IBM  will  work  to  integrate  Tarian  with 


its  Lotus  line  of  e-mail  and  collaboration 
software, Taufen  says. 

The  effort  makes  sense,  analysts  say  “In¬ 
creasingly  records  management  function¬ 
ality  is  becoming  a  big  driver  for  end-user 
organizations,” says  Karen  Shegda,  research 
director  at  Gartner.  The  research  firm  pre¬ 
dicts  that  by  2005,  half  of  all  global  2000 
companies  will  have  adopted  records  man¬ 
agement  technology 

IBM  isn’t  the  only  vendor  to  notice  that 
trend.  In  December,  Documentum  ac¬ 
quired  another  electronic  records  man¬ 
agement  technology  developer,  TrueArc, 
Open  Text  and  Hummingbird  also  have 
purchased  records-management  compa¬ 
nies,  Shegda  says. 

Also  this  year,  IBM  plans  to  step  up  its 
code-sharing  efforts  with  respect  to  content 


PROFILE:  SANA  SECURITY 


Location:  San  Mateo,  Calif. 
Founded:  October  2000 


Founder:  Steven  Hofmeyr,  chief 
scientist 


Employees:  24 


Product:  Primary  Response, 
intrusion-prevention  software  for 
servers. 


Funding:  $12  million  from 
the  Entrepreneurs  Fund,  Esther 
Dyson  Ventures  and  Sevin  Rosen. 

Fast  fact:  Hofmeyr,  who 
holds  a  doctorate  in  com¬ 
puter  science  from  the 
University  of  Mexico, 
spent  a  year  at  the  Arti¬ 
ficial  Intelligence  Lab  at 
Massachusetts  Institute 
ofTechnology  and  is  on  the  ■ 
program  committee  forthe  Artificial 
Immune  Systems  workshop  at  the 
IEEE  World  Congress  on  Computa¬ 
tional  Intelligence. 
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Calif.,  which  has  been  beta-testing  Primary 
Response,  back  up  the  claim  that  the  soft¬ 
ware  can  learn  on  its  own  without  needing 
the  administrator  to  configure. 

“It  really  does  detect  changes  and  anom¬ 
alies,"  says  Smith  &  Hawken  CIO  Tammy 
Lowe.  “We’ve  had  people  try  and  attack  us 
from  [other]  countries,  and  it’s  detected 
and  blocked.”  After  months  of  testing  it  in  a 
data  center,  Smith  &  Hawken  is  rolling  out 
Primary  Response  across  the  company 

Primary  Response  can  monitor 
Web-based  and  customized  appli¬ 
cations, and  in  the  coming  months, 
Sana  plans  versions  of  Primary 
Response  to  run  on  Linux  and  A1X. 
Sana  aims  to  compete  against  En- 
tercept,  Harris,  Okena  (which  Cisco 
recently  acquired)  and  Stratum8, 
among  others  that  also  market 
host-based  software  using  this  type 
of  behavior-blocking  defense.  However, 
Sana  has  no  immediate  plans  for  a  desktop 
version  of  its  software. 

Sana:  www.sanasecurity.com 
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management, Taufen  says.The  content  man¬ 
agement  division  has  standardized  on  the 
WebSphere  application  server  and  is  con¬ 
tinuing  efforts  to  port  its  multiple  content 
management  products  to  a  common  plat¬ 
form  —  one  that  makes  better  use  of  DB2, 
she  says. 

By  more  tightly  integrating  with  DB2,  the 
content  management  products  gain  ad¬ 
vanced  search  capabilities,  such  as  cross¬ 
repository  search,  and  some  security  and 
digital  rights  management  functionality, 
Shegda  says. 

Web  services  support,  including  Simple 
Object  Application  Protocol  support,  also 
is  on  tap  this  year, Taufen  says. 

IBM  has  its  work  cut  out  for  it,  analysts  say 
The  company’s  content  management  re¬ 
sources  are  fragmented,  Shegda  says.  IBM 
Content  Manager  includes  document  imag¬ 
ing  and  document  management  capabili¬ 
ties,  along  with  tools  for  handling  rich 
media  such  as  audio  and  video  content. 

Meanwhile,  IBM’s  Lotus  division  has  col¬ 
laborative  document  management  capa¬ 
bilities,  WebSphere  MQ  has  workflow 
tools,  and  WebSphere  Portal  has  a  few 
basic  Web  content  management  features. 

Together,  these  resources  make  for  a 
broad  content  management  suite.  How¬ 
ever,  they  aren’t  tied  together  well,  Shegda 
says.“If  IBM  wants  to  move  more  into  the 
broader  content  management  picture, 
they  need  to  make  their  offerings  more 
cohesive,”  she  says. 

Also,  within  the  content  management 
family,  there’s  consolidation  work  to  be 
done,  Shegda  says.  Content  Manager  has  a 
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have  made  for  a  very  bad  weekend. 

One  real  puzzle  about  the  attack  has  not 
been  resolved  as  I  write  this.  It  seems  that 
about  13,000  of  Bank  of  America’s  auto¬ 
mated  teller  machines  went  down  during 
the  attack.The  puzzle  is,  WHY?  If  the  bank 
is  putting  its  ATMs  directly  on  the  Internet, 
it  is  demonstrating  a  confidence  in  the 
’Net  that  few  other  folks  do.  If  it  was 
because  of  a  leak  though  a  firewall  that 
hit  some  Microsoft  server  that  ran  the  ATM 
network,  then  the  bank  needs  better  fire¬ 
wall  folk.  But  we  might  never  know  —  the 
answer  might  just  be  too  embarrassing. 

Disclaimer:  Causing  embarrassment 
sometimes  seems  to  be  a  Harvard  mis¬ 
sion,  but  1  did  not  ask  the  university  about 
this  case  —  it’s  all  my  own  puzzlement. 

Bradner  is  a  consultant  with  Howard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


repository  that  handles  standard  docu¬ 
ments  and  images,  and  it  has  Content 
Manager  OnDemand,  which  is  a  separate 
repository  for  handling  mainframe  informa¬ 
tion.  Merging  those  two  into  a  single  reposi¬ 
tory  for  all  types  of  digital  content,  including 
mainframe  reports,  would  make  administra¬ 
tion  easier  for  users,  Shegda  says. 

In  terms  of  features,  IBM’s  content  man¬ 
agement  portfolio  lacks  sophisticated 
Web  content  management  tools.Those  in¬ 
cluded  in  IBM’s  portal  offering  are  light¬ 
weight  and  not  geared  for  high-volume 
use,  AMR’s  Murphy  says.“What  IBM  clearly 
doesn’t  have  yet  —  and  hasn’t  made  a 
really  bold  move  into  —  is  Web  content 
management,”  he  says. 

Meanwhile,  IBM  is  not  alone  in  upping 
its  content  management  offerings.  Other 
vendors  with  product  enhancements 
include: 

•  FileNet,  which  just  launched  its  re¬ 
designed  FileNet  P8  platform. The  new  plat¬ 
form  lets  customers  build  systems  using  just 
the  modules  they  need.lt  includes  modules 
for  managing  business  processes,  enterprise 
content, Web  content  and  images. 

•  Vignette,  which  started  shipping  its  V7 
family  of  products  in  January.  New  tools 
include  a  graphical  workflow  modeling 
tool  and  integration  workbench  de¬ 
signed  to  make  it  easier  to  build  Web  sites 
and  portals. 

•  Venetica,  which  unveiled  a  new  re¬ 
lease  of  its  flagship  suite  for  integrating 
disparate  content  repositories.  Venice- 
Bridge  5.0.can  handle  more  content  types 
and  has  a  common  in-box  for  disparate 
workflow  engines,  the  company  says. 

•  Progressive  Information  Technologies, 
which  released  a  new  version  of  itsVasont 
content  management  system.  New  to 
Vasont  8.0  are  multilanguage  translation 
capabilities  so  that  organizations  can  man¬ 
age  and  edit  multilingual  content  from  a 
single  source. 

•  GlobalScape,  which  released  a  new  Web 
content  management  system,  PureCMS,  tar¬ 
geted  at  small  and  midsize  businesses.  ■ 


■  The  U.S.  Bankruptcy  Court  for  the 
Southern  District  of  New  York  has 
approved  Level  3  Communica¬ 
tions’  planned  acquisition  of  Genu¬ 
ity.  Genuity  announced  it  will  lay  off 
700  to  800  more  employees.  Level  3  is 
expected  to  offer  permanent  posi¬ 
tions  to  about  1,400  to  1,500  Genuity 
staffers,  but  the  final  number  of  em¬ 
ployees  is  not  guaranteed  at  this 
time.  Level  3  announced  its  plans  to 
acquire  Genuity  for  $242  million  in 
November  as  the  ISP  filed  for  Chap¬ 
ter  11  bankruptcy  protection.  The 
companies  expect  the  acquisition  to 
close  this  month,  www.level3.com; 
www.genuity.com 

■  SBC  last  week  launched  a  portfolio 
of  managed  services  designed  to 
appeal  to  midsize  businesses  that 
are  thinking  about  outsourcing  some 
or  all  their  network  and  telecom 
needs.  In  the  past,  SBC  has  concen¬ 
trated  on  selling  managed  services 
only  to  large  businesses.  SBC  will 
market  the  services  under  the  brand 
name  PremierServ.  The  packages 
will  include  a  number  of  options,  in¬ 
cluding  long-distance  voice,  local 
voice,  Internet,  data  transport,  man¬ 
aged  customer  premise  equipment, 
hosting  and  security.  Initial  services 
will  include  ATM,  frame  relay,  IP  VPN, 
managed  remote  access  services, 
e-services,  video  services,  integrated 
access  service,  premise- based  IP 
telephony  and  security.  SBC  will 
manage  both  LANs  and  WANs,  in¬ 
cluding  network  equipment  that  cus¬ 
tomers  own. 

■  The  MPLS  Forum  and  Frame 
Relay  Forum  plan  to  merge  their 
organizations  to  coordinate  activities 
and  gain  operational  efficiencies. 
Pending  approval  of  members  from 
both  organizations,  the  merger 
should  be  completed  by  March  31. 
Association  Management  Solu¬ 
tions,  manages  both  forums  and  is 
looking  to  align  their  technical  direc¬ 
tions.  Frame  relay  access  to  a  Multi¬ 
protocol  Label  Switching  network 
core  is  coming  into  vogue  in  the 
industry. 
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How  Cogent  digested  PSINet 


While  many  communications  providers  that  sprang 
up  in  the  late  1990s  have  been  filing  for  bankruptcy, 
ISP  Cogent  Communications  has  made  news  by 
acquiring  the  assets  of  its  cash-strapped  counter¬ 
parts.  In  early  2002,  the  company,  which  offers  high¬ 
speed  Internet  service  to  customers  in  buildings 
attached  to  Cogent's  fiber  network,  purchased  Allied 
Riser  and  once-powerful  PSINet  to  expand  Cogent's 
footprint.  CEO  Dave  Schaeffer  recently  sat  down 
with  Network  World  Senior  Writer  Michael  Martin  to 
discuss  how  Cogent  has  handled  the  integration  of 
PSINet  and  how  the  company  plans  to  grow. 


How  is  the  integration  of  PSINet  going? 

It’s  basically  complete.There  are 
three  buckets  in  that  integration. The 
first  is  the  integration  of  the  network, 
the  second  is  the  integration  of  sys¬ 
tems,  and  the  third  is  the  integration 
of  the  customers. 

In  terms  of  the  physical  network,  we 
started  out  with  a  belief  that  the  archi¬ 
tecture  we  deployed,  which  is  a  Layer 
3  protected  network,  was  the  most 
scalable  and  cost-effective.  PSINet 
operated  a  fairly  unique  network 
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architecture  in  being  predominantly  a  frame  network.  So 
what  they  did  was  they  aggregated  traffic  at  the  edge 
through  frame  switches,  brought  that  traffic  into  their  IP 
routers  and  carried  the  IP  traffic  onto  a  frame  backbone. 

We  felt  a  pure  IP  over  [dense  wavelength  division  multi¬ 
plexing]  network  made  a  lot  more  sense.  We  divided  the 
PSINet  network  into  segments.  We  then  took  each  seg¬ 
ment  and  diverted  the  traffic  onto  the  Cogent  network. 
We  then  dismantled  that  portion  of  the  PSINet  network, 
taking  all  of  the  equipment  and  repatriating  it  into  a  cen¬ 
tral  warehouse.  We  then  took  that  gear  and  redeployed  it 
to  expand  our  network  footprint. 

What  did  you  have  to  do  for  the  systems? 

In  terms  of  systems,  there  are  four  main  categories  — 
network  monitoring  and  surveillance  systems;  customer¬ 
facing  systems  like  the  contact  database  and  billing  sys¬ 
tems;  the  asset  and  inventory  systems;  and  the  account¬ 
ing  and  back-office  systems.  We  compared  those  with 
what  we  had  and  used  the  best. 

And  the  customers? 

For  customers,  we  put  in  place  an  outreach  program 
that  included  e-mail  notifications  and  outbound  calls 
to  customers  to  let  them  know  what  was  happening 
with  their  network  and  letting  them  know  we  were 
committed  to  continuing  their  service  and  maintaining 


a  high  quality. That  culminates  in  entering  into  new 
contracts  with  the  customers  when  their  contracts  ter¬ 
minate. 

Many  existing  contracts  were  multiyear  deals  at  prices 
that  were  significantly  out  of  market,  based  on  todays  mar¬ 
ket  environment.  So  we  contacted  those  customers  and 
negotiated  new  contracts. 

Have  most  of  the  customers  stayed  with  you? 

Yes. We  expected  some  attrition,  and  we  have  had  some. 
But  the  majority  of  the  customers  have  stayed  with  us. 

Do  they  still  buy  the  same  services  they  got  from  PSINet? 

There  are  a  few  modifications.  Because  our  pricing 
structure  is  much  lower,  we  migrated  customers  who 
were  on-net  to  Cogent  to  our  100M  bit/sec  Ethernet 
product  from  T-l  services.  For  other  customers  we  low¬ 
ered  prices  and  have  seen  them  increase  their  band¬ 
width  purchases.  Within  the  data  centers  our  emphasis 
has  been  on  pure  collocation,  instead  of  a  spectrum  of 
managed  services.  We’ve  encouraged  customers  to 
move  from  managed  hosting  to  pure  collocation,  reduc¬ 
ing  their  costs  and  picking  up  additional  management 
responsibilities. 

What  did  you  do  with  the  customers  who  were  getting  frame 
connections  from  PSINet? 

We  have  converted  them  to  Layer  3  VPNs.  We  don’t  sup¬ 
port  Layer  2  frame. 

People  weren't  upset  they  were  being  switched  from  frame  to  IP? 

Not  really. We  tried  to  make  this  as  transparent  as  possi¬ 
ble  for  the  customer. That,  coupled  with  the  fact  that  we 
usually  lowered  their  cost,  made  it  go  over  well. 

How  is  the  Ethernet  access  business  growing? 

We  continue  to  grow  that  business  in  a  difficult  environ¬ 
ment.  We  continue  to  add  on-net  buildings  at  about  1.5 
buildings  per  day  We  have  over  600  buildings  on-net  now. 

How  are  you  doing  financially? 

Our  public  data  shows  we’re  still  burning  cash. The 
majority  of  that  cash  burn  though  is  earmarked  for  the 
expansion  of  the  network.  If  we  stopped  growing,  we’d  be 
about  cash-flow  neutral. 

Why  are  you  still  growing  when  other  companies  are  standing 
still  or  cutting  back? 

A  big  part  of  the  reason  is,  we  did  a  lot  of  work  before 
we  began  building  on  how  we  would  reach  our  address¬ 
able  market.  We  wanted  to  understand  where  end-user 
demand  was.  We  have  about  7,400  miles  of  metro  fiber 
comprising  138  rings.  We  have  about  3,000  buildings  that 
meet  all  of  our  criteria.  Our  architecture  gives  us  a  low 
cost,  and  if  we  get  to  customers  in  those  buildings  we’ll 
continue  to  get  market  share.  ■ 
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A  better  way  to  measure  true  costs 

L 


ast  week  we  discussed  the  concept 
of  total  cost  of  service  delivery  In  a 
I  nutshell,  it  is  an  approach  for  mea¬ 
suring  the  value  of  technology  based  on 
the  assumption  that  you’re  putting  the 
technology  in  place  to  help  accomplish  a 


business  function. 

Why  add  a  new  buzzword  when  we’ve 
already  got  tried-and-true  total  cost  of  own¬ 
ership  (TCO)  and  return  on  investment 
(ROI)?  Because,  in  my  experience,  neither 
model  adequately  captures  the  true  effect 


Web  Inspector  ™ 

The  Best  Choice  for  Internet  Filtering 


Protecting  vour  network  is  more  important  than  ever— not  to  mention  challenging.  When  you  have  more  security  risks 
than  time  to  handle  them,  the  new  Web  Inspector  is  a  slam  dunk  for  reliable,  hassle-free  Internet  filtering.  Whether  you 
need  to  manage  web  access  by  individual  or  group,  handle  a  team  of  50  or  50,000  or  take  advantage  of  just  a  few 
or  over  500  customizable  reports,  Web  Inspector  lets  you  call  the  shots.  Add  Web  Inspector  to  your  IT  game  plan  — 

cal!  800-767-6683  for  a  free  trial  today! 


of  technology  on  a  business.TCO  is  great  if 
you’re  worrying  about  running  your  IT 
department  less  expensively:  A  product 
that  requires  two  engineers  to  manage  is 
clearly  an  improvement  over  a  product 
that  requires  10.  Unfortunately,  this  ap¬ 
proach  doesn’t  tell  you  whether  buying 
that  product  was  a  good  idea  in  the  first 
place.  ROI  tries  to  address  this  weakness  by 
asking  about  the  return  on  a  given  tech¬ 
nology  investment,  but  there  are  precious 
few  clues  as  to  how  to  quantify  that  return. 

Enter  TCSD.  The  fundamental  concept  is 
that  technology  —  even  infrastructure 
technology  —  is  deployed  in  the  service  of 
a  particular  business  function  (or  “ser¬ 
vice”).  To  measure  the  value  of  the  tech¬ 
nology,  look  at  the  role  it  plays  in  perform¬ 
ing  that  function. 

An  example:  An  accounting  service 
might  require  two  accountants,  a  special¬ 
ized  analytics  package,  hardware  and  soft¬ 
ware,  and  a  network.  But  you  might  be  able 
to  offer  that  same  service  with  no  accoun¬ 
tant,  no  specialized  analytics,  and  just  the 
hardware,  software  and  network  —  clearly 
an  improvement  in  TCSD. 

Some  guidelines  for  computing  TCSD: 

1.  Start  by  defining  the  service  using  busi¬ 
ness  terms.  It’s  not  enough  to  know  that  FTP 
makes  up  12%  of  your  WAN  traffic;you  need 
to  ask  what  applications  are  generating  that 
FTP  traffic  and  why  Is  the  research  and 
development  department  sending  CAD/ 
CAM  files?  A  switch  updating  its  call 
records?  Find  out  who  in  your  business 
owns  that  application, and  open  a  dialogue. 

2.  Understand  the  performance  parame¬ 
ters  of  that  business  function.  Do  files  have 
to  be  updated  hourly?  Why?  What  happens 
if  they  aren’t  updated  on  that  schedule? 
Would  the  ability  to  perform  synchronous 
updates  be  an  improvement?  Take  your 
time  with  this  step,  and  be  creative.  Many 
times,  business  units  do  things  a  certain 
way  because  they’re  unaware  that  better 
technology  can  provide  improvements. 

3.  Translate  the  business  performance 
parameters  into  technical  parameters.  If 
the  goal  is  to  perform  synchronous  up¬ 
dates,  what  does  that  mean  in  terms  of 
megabits  of  bandwidth  and  milliseconds 
of  latency? 

4.  Compute  the  current  cost  of  providing 
the  current  service  by  including  infrastruc¬ 
ture  hardware  and  software,  business 
applications,  and  personnel.  Be  sure  to  in¬ 
clude  costs  that  are  borne  by  the  business 
unit  (not  just  IT):  the  cost  of  a  business  spe¬ 
cialist,  for  example,  or  specialized  software. 

5.  Now  you  can  start  your  modeling.  Is 
there  a  different  combination  of  hardware, 
software,  services  and  humans  that  could 
deliver  the  same  service  at  a  lower  cost  or 
measurably  improve  the  service’s  quality? 
Offering  synchronous  updates  at  no  extra 
cost  might  directly  benefit  an  organiza¬ 
tion’s  top  or  bottom  lines. 
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V  /  **7, 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  a  technology 
research  firm.  She  can  be  reached  at 
johna@nemertes.  com. 


For  further  information,  contact: 
NTT  Communications  Corporation, 
nttverio@ntt.com 
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Wisdom 

Something  you  can  expect  from  our  vast  experience. 

NTT/VERIO  IP  and  managed  network  services  are  comprehensive  and  sophisticated. 

But  what  do  we  offer  that’s  different?  One  thing  is  the  wisdom  that  comes  with  the  vast  experiences 
of  covering  nearly  90  countries  around  the  globe.  It’s  a  wisdom  that  helps  our  customers  sustain  their  success. 
From  IP  connectivity  and  managed  network  to  a  range  of  hosting  services,  we  offer  everything 
you  need  to  thrive  in  our  networked  economy.  By  using  the  NTT/VERIO  global  services, 
you  will  be  working  with  a  partner  that  has  complete  control  over  their  network  and  is  completely 
accountable  for  its  consistent  and  reliable  performance.  Which,  we  feel,  is  only  wise. 

www.nttverio.com 


VERIO 


NTT  Communications  Group  Offices  Japan  •  USA  •  Brazil  •  UK  •  France  •  Germany  •  Netherlands  •  Spain  • 

Korea  •  China  «  Hong  Kong  •  Taiwan  •  Vietnam  •  Thailand  •  Indonesia  •  Singapore  •  Malaysia  •  Philippines  •  Sri  Lanka  •  Australia 

*  A  full  service  offering  may  not  be  available  in  some  areas 

NTT  is  a  trademark  of  NIPPON  TELEGRAPH  AND  TELEPHONE  CORPORATION.  Verio  is  a  trademark  of  Verio  Inc.  All  other  referenced  product  names  are 
trademarks  of  their  respective  owners.  ©2003  NTT  Communications  Corporation 
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How  low  can  rates  go? . . .  It’s  worth  asking 


Traditional  data  service  price  landscape 


Frame  relay  costs  have  dropped 
about  10%  to  20%  since  mid- 
2001.  Here  is  how  much  you  would 
pay  for  a  T-1  frame  relay  port 
with  10  64K-bit/sec  PVCs. 

AT&T:  $4,055 

WorldCom:  $5,073 

Sprint:  $4,688 


All  prices  are  based  on  retail  list  prices 
that  are  not  discounted.  Discounts  could 
range  from  30%  to  70%. 


Private-line  prices  also  are 
coming  down,  but  not  as 
dramatically. 

(In  thousands) 
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■  T-3, 45  M  bit/sec  ■  T-1, 1.544M  bit/sec 


■  BY  DENISE  PAPPALARDO 

Todays  economy  is  driving  users  to  maintain  exist¬ 
ing  investments  in  traditional  data  services.  Despite 
a  lot  of  hype  and  increasing  adoption  of  IP  VPN 
technology,  businesses  are  happy  to  stick  with  tried-and- 
true  frame  relay  and  private-line  offerings. 

But  sticking  with  what  works  doesn’t  mean  users  can’t 
lower  monthly  service  costs.  Lower  service  rates  are  still 
available,  especially  if  it  has  been  more  than  two  years 
since  your  last  contract  negotiation. 

Embarcadero  Systems  recently  renegotiated  all  its 
long-haul  dedicated  T-ls  on  the  West  Coast  and  reduced 
its  monthly  expenses  by  two-thirds,  says  John  Mont¬ 
gomery,  director  of  technical  services  at  the  San  Fran¬ 
cisco  shipping  company. 

“T-ls  are  pretty  cheap  right  nowj’he  says.“Even  though 
we  already  had  a  contract,  we  were  able  to  renegotiate 
with  AT&T  and  Sprint  for  lower  rates.”  Carriers  will  not 
always  renegotiate  contracts  before  they  expire,  but  are 
motivated  to  do  so  when  customers  have  other  options 
and  big  budgets. 

Montgomery  lowered  rates  for  six  dedicated  T-ls.  He 
also  says  he  looked  into  setting  up  two  T-ls  from 
California  to  Miami  for  a  new  project. 

“We  expected  to  pay  around  $10,000  per  month  for 
the  connections,  but  we  were  getting  quotes  for  $5,000,” 
he  says.  While  the  project  fell  through  for  other  reasons, 
Montgomery  was  surprised  at  how  “cheap”  it  is  to  sup¬ 
port  dedicated  connections  across  the  country. 

Although  Montgomery  says  Embarcadero  was  able  to 
lower  its  monthly  private-line  bill,  one  of  its  carriers, 
AT&T, says  its  listed  prices  are  creeping  up. 

Fractional  T-1  and  full  T-1  prices  have  gone  up  2%  to 
5%  and  1%  to  2%  respectively  over  the  past  year,  says 
Steve  Sobolevitch,  vice  president  for  AT&T  Business  ser¬ 
vice  pricing.  He  attributes  the  increases  to  “a  return  to 
rationalization  in  pricing.” 

“The  market  couldn’t  sustain  the  types  of  price  de¬ 
clines  we  were  seeing,”  Sobolevitch  says.  Private-line  ser¬ 
vice  is  not  a  growing  piece  of  business,  which  is  why 
prices  have  stabilized  and  in  some  cases  have 
increased,  he  says.  If  the  service  isn’t  generating  addi¬ 
tional  revenue,  the  carrier  is  not  motivated  to  offer  more 
aggressive  pricing. 

All  carriers  offer  discounts  for  customers  that  have 
large  networks  or  commit  to  spending  a  certain 
amount. 

While  AT&T  says  some  private-line  prices  are  on  the 
rise,  WorldCom  says  its  prices  still  are  declining. 

“Prices  have  dropped  20%  to  25%  [forT-3,45M  bit/sec 
private-line  services]  in  the  last  12  months,  which  is 
small  in  relation  to  previous  price  declines," says  Ronnie 
Bailey, senior  director  of  data  services  at  WorldCom. 

Like  AT&T,  WorldCom  is  not  offering  huge  price  cuts 
on  its  lower-speed  privateline  services,  but  its  fractional 
T-1  and  full  T-1  services  have  come  down  10%  to  12%  in 
the  last  year. 

Sprint  refused  to  provide  pricing  information  or  an 
executive  to  be  interviewed  for  this  story. 

One  t  rm  that  tracks  and  analyzes  pricing  and  usage 
trends  around  the  world  says  prices  still  are  coming 
down  But  the  dip  isn’t  as  dramatic  as  it  has  been  in 
past  years.”  says  Robert  Schult, senior  analyst  at 


TeleGeography. 

From  January  2001  to 
January  2002,  dedicated 
OC-3, 155M  bit/sec  links 
between  cities  such  as 
New  York  and  Atlanta,  and 
Boston  and  New  York 
dropped  by  60%  to  65%. 

Since  January  2002, 
prices  dropped  another 
20%  to  25%  for  the  same 
bandwidth  between  the 
same  cities,  Schult  says. 

The  research  firm  looks  at 
the  five  lowest  prices  and 
runs  an  index  based  on 
those  averages.  Prices  on 
some  of  the  most  popular 
routes,  such  as  those  be¬ 
tween  New  York  and 
Miami,  and  New  York  and  Los  Angeles,  have  dropped 
only  10%  to  15%,  because  these  routes  already  were 
competitively  low,  he  says. 

Carriers  also  have  tapped  the  brakes  in  terms  of  cut¬ 
ting  frame  relay  prices. 

“Over  the  last  three  to  four  years  we’ve  seen  frame 
relay  price  declines  of  5%  to  10%  per  year,”  says  Ron 
Kaplan,  analyst  at  IDC.  But  carriers  are  slowing  the  rate 
of  declines,  because  of  the  slow  economy  and  the 
changing  telecom  market,  he  says. 


Prices  have  dropped  20%  to 
25%  [for  T-3, 45M  bit/sec  private¬ 
line  services]  in  the  last  12  months, 
which  is  small  in  relation  to  previ¬ 
ous  price  declines." 

Ronnie  Bailey 

Senior  director  of  data  services,  WorldCom 

“Instead  of  trying  to  grab  [market]  share  like  all  the 
carriers  were  trying  to  do  at  the  height  of  the  telecom 
boom,  carriers  are  more  focused  on  their  bottom  line,” 
Kaplan  says. 

AT&T  frame  relay  customers  who  have  midsize  to 
large  networks  should  expect  lower  prices  than  they 
saw  the  last  time  they  signed  a  contract,  analysts  say 
“There  has  been  a  5%  decline  in  prices  for  customers 
that  move  from  low-speed  frame  relay  to  high-speed,” Sob¬ 
olevitch  says.These  include  those  who  had  56K  bit/sec 
frame  relay  and  moved  to  T-1  or  NxT-1  services. 

Competition  in  the  market  and  pressure  from  IP  ser¬ 
vices  continue  to  drive  down  frame  relay  prices.  But  the 
price  declines  are  not  as  sharp  as  they  once  were, 
because  IP  is  now  sold  as  a  flexible  network  alternative, 
not  just  as  a  low-cost  network  option,  Sobolevitch  says. 

WorldCom  customers  who  move  from  lower-speed 
frame  relay  services  to  higher-speed  T-1  and  NxT-1  offer¬ 
ings  also  are  seeing  lower  service  rates.  WorldCom  has 


cut  T-1  ports  by  10%  to  12%,  Bailey  says. 

“The  average  cost  for  a  512K  bit/sec  port  is  about  $425 
per  month,  which  is  lower  than  it  was  12  to  18  months 
ago,” says  David  Willis,  analyst  at  Meta  Group. This  is  based 
on  late  2002  prices,  he  says.  In  2001 ,  the  average  cost  for  a 
512K  bit/sec  port  was  $495  per  month. That  translates  to 
$7,000  per  month  or  $84,000  per  year  that  a  customer 
with  a  100-node  frame  relay  network  would  save. 

Users  also  pay  an  additional  permanent  virtual  circuit 
charge,  which  on  average  costs  about  $25  per  PVC.per 
month.  PVC  costs  also  have  come  down  about  $10  per 
PVC,  per  month, since  200 1 . 

Frame  relay  customers  also  can  negotiate  lower  cost  by 
exploring  other  service  options.’if  a  customer  that’s  up 
for  a  frame  relay  contract  renewal  tells  their  carrier  they 
are  thinking  of  moving  to  an  IP  VPN  service  with  a  differ¬ 
ent  carrier,  they  will  see  a  very  large  price  decrease  for 
their  new  frame  relay  contract,”  IDC’s  Kaplan  says. 

In  some  cases,  users  have  reported  up  to  a  40%  de¬ 
crease  in  price  for  the  same  frame  relay  network,  he  says. 
It’s  recommended  that  users  explore  an  IP  VPN  option 
and  get  a  quote  before  using  this  as  a  bargaining  tactic. 

According  to  analysts,  one  cost  for  private-line  and 
frame  relay  service  that  is  not  coming  down  is  the  cost 
of  local  access. 

“In  2000  it  was  common  to  get  T-1  local  access  for 
$125  to  $150  per  month, ’’Willis  says.“Now  it’s  $175  to 
$240  and  in  some  markets  its  up  to  $300  per  month.” 

“One  of  Meta’s  clients,  a  well-known  pharmaceutical 
company, sees  55%  of  their  total  WAN  costs  going  toward 
local  access  charges, "Willis  says. And  that  percentage 
seems  to  be  rising,  he  says. 

This  is  leading  to  network  consolidation  in  which 
users  are  opting  for  higher-bandwidth  pipes  just  to  re¬ 
duce  the  number  of  local  access  lines  they  have.  Willis 
also  expects  this  trend  to  further  fuel  voice  and  data 
convergence  in  the  near  term. 

While  local  prices  are  still  high,  Kaplan  says  they  might 
become  more  competitive  later  this  year  and  into  2004  as 
more  incumbent  local  exchange  carriers  receive  regula¬ 
tory  approval  to  offer  services  outside  their  traditional 
areas.  But  for  now,  users  are  left  to  consolidate  the  total 
number  of  access  lines  or  to  work  with  the  few  competi¬ 
tive  local  exchange  carriers  that  are  still  in  business.  ■ 
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PLAY  10  WIN? 
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Winning  on  the  Web:  To  help  preserve  the  record  of  one  of  North  America’s  oldest  sports,  the  Hockey 
Hall  of  Fame  chose  the  IBM  (©server  xSeries™  It’s  helped  hhof.com  handle  a  225%  increase  in  traffic 
over  the  past  year.  Select  xSeries  models  feature  the  Intel®  Xeon™  processor  for  superior  flexibility  and 
scalability  for  future  growth.  For  an  IDG  report  on  how  growing  companies  are  using  IT  to  advance  their 
business,  go  to  ibm.com/oserver/hhof  i,  fa  ^  My  *  ' 

All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary 
depending,  among  other  things,  on  individual  customer  configurations  and  conditions.  IBM,  the  e-business  logo.  eServer,  xSeries  and  e-business  is  the  game.  Play  to  win  are  trademarks  or 
registered  trademarks  of  International  Business  Machines  Corporation.  Intel,  the  Intel  Inside  logo  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the 
United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2003  IBM  Corporation.  All  rights  reserved 
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PLAY  TO  WIN? 


(©server 


Linux  ready  with  self-managing  features  for  every  e-business. 


InteF-based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 


UNIX®  /  pSeries™ 

Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 


Midrange  /  iSeries™ 

Brings  easy-to-deploy,  plug  and 
play  e-business  to  your  business 
Sophisticated  technology  that’s 
easy  to  manage  and  Linux  ready. 


Mainframe  /  zSeries™ 

Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for 
up  to  99.999%  uptime1  to  handle  the 
demands  of  today’s  e-businesses. 


They  optimized  their  supply  chain  with  IBM  (©server  iSeries.  When  it  comes  to  supplying  hotel  chains  and 

restaurants  with  fine  china,  no  one  wants  to  wait  for  service.  So  Churchill  China  consolidated  their  e-commerce 
operation  onto  a  single  iSeries. Today,  they  can  dispatch  orders  within  24  hours  with  near-100%  accuracy.  For  a 
guide  on  server  consolidation,  go  to  ibm.com/eserver/churchill 


@ business  is  iht  'Fhy  in 


Requires  Parallei  Syspiex”  environment  AB  numbers  and  resuits  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending,  among  other  things, 
on  individual  customer  configurations  and  conditions.  IBM,  the  e-business  logo,  e-business  is  the  game.  Play  to  win,  eServer,  iSeries,  pSeries,  xSeries,  zSeries  and  Parallel  Syspiex  are  trademarks  or  registered  trademarks  of  International  Business  Machines 
Corporation  to  the  United  States  and  or  other  countries  Linux  is  a  registered  trademark  of  Linus  TorvaJds.  Intel  is  a  registered  trademark  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  UNIX  is  a  registered  trademark  of  The  Open 
Group.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©2002  IBM  Corporation.  All  rights  reserved. 


Introducing  the  network  VPN  that  can  honestly  say, 


BellSouth®  Managed  Network  VPN  Service  gives  you 
a  complete  network-based  solution  for  secure  site-to-site 
connectivity,  remote  access  and  Internet  access. 
We  support  the  ways  you  connect  from  DSL  to  OC3  and 
manage  it  all  on  one  integrated  platform.  You'll  get 
greater  overall  performance  with  streamlined 
operations.  Greater  security.  Greater 
flexibility.  Greater  ability  to 


use  a  wide  range  of  IP 
applications  from  anywhere  on  your 
network.  You  can  use  your  existing  access  equipment, 
or  we'll  supply  it.  Were  listening  to  business  needs  like  no 
one  else  and  answering  with  solutions  from  long 
distance  to  wireless  and  optical  networking.  For  more 
info,  visit  www.bellsouth.com/business/answers 


Sign  up  for  BellSouth®  Managed  Network  VPN  Service 

Free  Cisco  router 

with  minimum  12-month  contract* 


<§>  BELLSOUTH 

Listening.  Answering 


(□Cisco' 

^  Poweiad  Network 


'Some  restrictions  apply  Offer  expires  6/30/03.  Activation  required  by  8/31/03.  Visit  www  bellsouth.com/business/onswers  for  details. 

©  2003  BellSouth  Corporation.  All  trademarks  contained  herein  are  the  property  of  their  respective  owners. 


Three  reasons  to  buy  broadband 


■  BY  TONI  KISTNER 

LAS  VEGAS  —  For  the  majority  of  U.S. 
online  households,  broadband  still  fails  to 
deliver  enough  bang  for  the  buck.  Of  the 
76.5%  who  still  used  dial-up  last  year,  42% 
said  they  didn’t  need  it  and  32%  said  broad¬ 
band  was  too  expensive,  according  to  a 
recent  In-Stat/MDR  report. 

Service  providers  know  to  spur  demand 
they  must  offer  compelling  applications  on 
top  of  the  connection.  With  the  exception 
of  some  home-network  packages,  such 
offerings  haven’t  yet  materialized.  Al¬ 
though,  products  that  require  a  broadband 
connection  are  beginning  to  crop  up.  At 
the  recent  Consumer  Electronics  Show, 
three  offerings  were  on  display 

D-Link  debuted  its  i2eye  DVC-1000 
VideoPhone,  a  broadband  appliance 
that  delivers  IP  videoconferencing  via 
TV.The  device  sits  on  top  of  a  TV  and  fea¬ 
tures  an  adjustable  tilt/focus  camera 
lens  and  integrated  microphone.  You 
place  calls  via  the  interface  you  control 
with  a  remote.  To  speak,  you  can  use  an 
analog  phone  plugged  into  the  back  of 
the  box,  or  talk  directly  into  the  built-in 
speaker. 

In  a  demonstration,  D-Link  streamed 
video  between  its  show  booth  and  the 
company’s  Irvine,  Calif.,  conference  room 
over  a  225K-bit/sec  connection.Video  qual¬ 
ity  was  good  at  24  frames  per  second. The 
device  requires  a  minimum  96K-bit/sec 


Takes 


■  Rural  Britains  are  banding  together 
to  persuade  British  Telecom  to  pro¬ 
vide  their  small  towns  and  villages 
broadband  access.  Because  BT  will 
consider  deploying  high-speed  access 
when  a  community  preregisters  at 
least  200  (and  in  some  areas  400) 
potential  subscribers,  local  citizens 
are  distributing  flyers  and  building 
Web  sites  urging  their  neighbors  to 
sign  up.  National  group  Broadband4- 
Britain  says  it  has  signed  up  more 
than  200  “local  heroes"  to  spread  the 
word,  with  a  goal  to  ensure  all  busi¬ 
nesses  and  homes  can  get  affordable 
broadband  access  by  year-end. 


connection.  The  i2eye  costs  $300  each  or 
$500  for  a  pair,  and  is  available  this  month. 
D-Link  says  it  plans  to  launch  a  small  busi¬ 
ness  version  later  this  year. 

Motorola  unveiled  a  broad-reaching 
broadband  strategy  at  the  show,  including 
a  line  of  wireless  cable  modem  gateways 
and  802.11b  access  points,  adapters  and 
routers.  In  a  joint  venture  with  Xanboo, 
Motorola  also  is  developing  a  line  of 
Internet  home  control  and  remote  moni¬ 
toring  devices.  Products  will  include  a 
home  gateway,  camera,  sensors  and 
motion  detectors.  They  use  802.11b  wire¬ 
less  and  require  a  minimum  56K-bit/sec 
bilateral  broadband  connection.  The 
home  control  equipment  is  expected  to 
ship  this  spring. 

Network  executives  looking  to  reduce 
teleworkers’  phone  costs  might  consider 
Vonage  DigitalVoice.The  voice-over-IP  ser¬ 
vice  provides  unlimited  national  calling 
for  $39.99  per  month,  or  500  minutes  for 
$19.99  per  month.  Vonage’s  VoIP  network 
is  based  on  Session  Initiation  Protocol 
and  requires  a  minimum  90K-bit/sec 
bilateral  connection. 

The  service  includes  a  phone  adapter 
box  (Cisco’s  ATA  186)  that  plugs  into  an 


■  BY  TONI  KISTNER 

Most  network  executives  don’t  think 
twice  about  supplying  corporate  telework¬ 
ers  with  standard  PCs  with  secure  connec- 
tions.Yet,  extending  the  PBX  to  the  home  is 
often  dismissed  as  too  costly  with  compli¬ 
cated  configurations  requiring  a  visit  to  the 
teleworker’s  home. 

So  instead,  the  company  pays  for  a  sec¬ 
ond  phone  line  and  often  a  cell  phone, 
and  residential  long-distance  rates.  The 
company  risks  paying  more  money  in  the 
long  run,  and  teleworkers  risk  projecting  a 
disorganized,  less-professional  image. 

Last  week,  Mitel  Networks  introduced  a 
voice-over-IP  phone  system  that  addresses 
these  problems.  The  6010  Teleworker 
Solution  is  new  software  added  to  Mitel’s 
existing  MAS  6000  application  server. 
Geared  toward  corporate  teleworkers  and 
small  businesses  that  lack  an  IT  profession¬ 
al,  the  6010  provides  simplified  configura¬ 
tion,  beefed  up  security,  and  other  features 
that  make  it  easy  for  workers  to  shift  be¬ 
tween  the  office  and  home  environments. 


analog  phone  and  broadband  router.  One 
option  is  to  plug  the  box  into  a  cordless 
phone  base  station  to  distribute  the  service 
to  up  to  six  handset  extensions. 

Digital  Voice  includes  voice  mail,  call  wait¬ 
ing,  call  forwarding,  caller  ID,  and  three-way 
calling.  Users  can  add  and  subtract  features, 
manage  the  account,  and  retrieve  voice 
mail  via  the  Vonage  Web  site.  You  also  can 
select  an  area  code  that  matches  that  of  the 


The  6010  works  with  Mitel’s  3100  or  3300  In¬ 
tegrated  Communications  Platform  IP 
switches  and  5020  IP  phones. 

Most  corporate  home  offices  have  a 
broadband  connection,  and  a  network 
address  translation  (NAT)  router  that  sup¬ 
plies  the  devices  on  the  home  LAN 
dynamic  IP  addresses.  Typically,  IP 
phones  require  a  static  IP  address  on  the 
home  network.  But  the  6010  lets  the 
phone  tunnel  out  of  NAT.  As  it  hops 
across  the  Internet,  the  connection  cap¬ 
tures  the  header  information,  which 
includes  the  changes  in  IP  addresses, 
then  reverse-embeds  them  to  find  its  way 
back  to  the  phone. 

Mitel  says  teleworkers  can  configure  the 
phone  themselves.  They  just  plug  it  into 
an  Ethernet  port,  and  punch  in  the  IP 
address  of  the  corporate  network  on  the 
keypad. 

Security  includes  128-bit  encryption  of 
the  voice  session.  Teleworkers  can  con¬ 
nect  the  phone  to  the  PC  to  manage  calls 
from  the  desktop.  However,  to  ensure  the 
PC  isn’t  hacked  from  the  phone,  the  MAS 


main  office. 

Vonage  also  offers  an  unlimited  small 
business  package  for  $69  per  month,  or 
1,500  minutes  for  $39.99.  Future  plans 
include  offering  fax  service,  and  a  deal 
with  local  exchange  carriers  to  offer  Digital 
Voice  as  a  premium  service  to  broadband 
customers  is  in  the  works. 

Vonage:  www.vonage.com;  D-Link:  www. 
dlink.com;  Motorola:  www.motorola.com 


terminates  the  data  VPN  on  the  PC  rather 
than  the  phone. 

The  phone  provides  all  the  standard 
enterprise  calling  features,  as  well  as 
phone  twinning,  which  allows  two  IP 
phones,  one  in  the  corporate  and  one  in 
the  home  office,  to  ring  simultaneously. 
Because  the  switch  is  built  into  the 
phone,  there’s  one  less  box  sitting  on  the 
teleworker’s  desktop. 

Key  line  appearances  let  managers 
monitor  who’s  on  the  phone,  and  linking 
remote  and  in-house  workers  lets  them 
better  control  calling  costs.  For  24  users, 
the  6010  Teleworker  Solution  costs  about 
$500  per  worker,  including  the  IP  Phone. 

Mitel:  www.mitel.com 

More  online! 

Stay  on  top  of  the  latest 
news,  developments, 
reviews  and  more  in  the 
fast-changing  world  of 
convergence. 

DocFinder:  4138 


Mitel  adds  IP  phone  for  teleworkers 


A  tough  crowd 

Most  broadband  subscribers  don’t  want  to  pay  more  for  services, 
according  to  a  new  In-Stat/MDR  survey. 


Managed  firewall.  Pay  for  service? 


Yes  How  much? 
25.3/o  Ussthan$5 

$5  to  $10 


Don’t  kn*"" 

4.9% 


Entertainment  services  (gaming,  video,  digital  music). 

Pay  for  service?  n0 


How  much 


24.9%  more?  N/A 


Don  t  know 

1.6% - 


Depends  on  fee 


uepenas 

17.1% 


Note:  In-stat’s  data  on  this  chart  doesn't  add  up  to  100%. 
The  number  came  about  by  rounding. 


SOURCE:  IN-STAT/MDR  REPORT:  CONNECTED  HOME  SERVICES:  SERVICE  PROVIDERS  TAKE  ON  THE  HOME  NETWORK 


Desired  Features: 

Software-based  administration 
Saves  administrative  costs 
Cuts  toll  costs 

IP,  digital  and  analog  trunking 
Traditional  voice  calling 
VoIP  calling 

IP  and  traditional  phones 
Voice  mail 

Automatic  Call  Distribution  (ACD) 
Automated  Attendant 
Unified  Messaging 


AltiGen 

Phone  Systems 

V 

s 

s 

s 

s 

s 

s 

s 

V 

V 

V 


Web  interactions:  Web  push,  chat,  dick-to-taJk  j 

Home-based  teieworkers/call  center  agents  y 

Built  in  redundancy  y 

Integrated  Contact  Center  ^ 


Traditional 
Phone  Systems 


the  Future  of  IP  Telephony 


Picking  AltiGen... 

Makes  Phone  Communications  Easy... 

Easy  to  Cut  Costs  -  Easy  to  Manage  -  Easy  to  Use 

AltiGen's  future-proof  telephone  system  provides  the 
high  reliability  and  low  cost  of  ownership  critical  for  the  small 
to  mid-size  businesses.  Now  you  can  get  your  Phone  system 
from  a  company  you  can  trust,  a  company  who's  been  providing 
next  generation  phone  systems  since  1996. 

Call  today  to  see  why  over  15,000  small-midsize  businesses 
picked  AltiGen  as  their  Telephone  system  solution. 

Learn  how  to  choose  a  next  generation  phone  system 
Request  our  white  paper  today  at: 

www.altigen.com/nw 

AltiGen 
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SHAPING  YOUR  NETWORK 


SSL:  The  secret  handshake  of  the  ’Net 


■  BY  MATT  ROLLENDER 

Secure  Sockets  Layer  has  become  the 
de  facto  standard  for  secure  communica¬ 
tions  between  end  users  and  Internet 
sites,  and  today,  SSL  support  is  built  into 
virtually  every  browser. 

SSL  is  a  protocol  layer  that  includes  two 
subprotocols  —  the  SSL  handshake  pro¬ 
tocol  and  the  SSL  record  protocol.  Both 
provide  authenticated,  confidential  and 
tamper-resistant  connections  to  applica¬ 
tions,  particularly  HTTP.  SSL’s  small  foot¬ 
print  fits  neatly  into  the  Internets  pro¬ 
cessing  stack,  and  above  TCP/IP  and 
below  the  application  layer  without  sig¬ 
nificantly  affecting  the  other  protocol 
layers.  This  small  footprint  also  allows  it 
to  be  used  with  other  Internet  applica¬ 
tions,  such  as  intranet  and  extranet  ac¬ 
cess,  application  security,  wireless  appli¬ 
cations  and  Web  services. 

SSL  enables  secure  data  communica¬ 
tions  over  the  Internet  by  encrypting  data 
leaving  the  browser  and  decrypting  it 
after  it  is  secure  in  the  data  center.  Like¬ 
wise,  transmissions  back  to  the  client  are 
encrypted  before  they  are  sent  over  the 
Internet. 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@  nww.com). 


At  a  high  level,  SSL  sessions  consist  of 
two  parts:  the  connection  and  the  appli¬ 
cation  session.  During  the  connection, 
the  client  and  server  exchange  creden¬ 
tials  and  negotiate  the  security  para¬ 
meters.  If  the  client  accepts  the  server’s 
credentials,  a  master  secret  is  estab¬ 
lished  and  used  to  encrypt  all  subse¬ 
quent  communications. 

During  the  application  session,  the  client 
and  server  securely  pass  information 
between  each  other,  such  as  credit  card 
numbers,  stock  trading  data,  personal 
medical  data  and  other  types  of  sensitive 
or  confidential  data. 

SSL  provides  three  key  components  for 
security: 

•  Authentication  —  the  ability  to  verify 
the  server  or  both  the  server  and  client  at 
each  end  of  the  connection. 

•  Confidentiality  —  the  ability  to  en¬ 
crypt  traffic,  so  only  the  two  parties 
exchanging  the  information  can  access 
and  understand  it. 

•  Integrity  —  the  capacity  to  prevent 
message  contents  from  being  modified 
without  detection.  Receivers  can  be  sure 
they  have  received  unaltered  information. 

A  key  piece  of  the  secure  communica¬ 
tion  process  is  authenicating  the  two  par- 
ties.The  SSL  handshake  subprotocol  han¬ 
dles  this  function.  A  series  of  messages 
between  the  server  and  client  facilitate 
these  actions: 

•  Authenticate  the  server  to  the  client. 

•  Let  the  client  and  server  select  the 
cryptographic  algorithms  and  level  of 
security  they  want. 

•  Optionally  authenticate  the  client  to 
the  server. 

•  Use  public-key  cryptography  to  gener- 


SSL  is  a  protocol  layer  that 
includes  two  subprotocols  — 
the  SSL  handshake  protocol 
and  the  SSL  record  protocol. 
Together  the  two  provide 
authentication  for  Internet 


ate  shared  secret s  that  will  be  used  later  to 
transmit  the  actual  confidential  data. 

•  Establish  the  SSL  connection. 

The  SSL  record  subprotocol  is  responsi¬ 
ble  for  the  encrypted  data  transfer.  Here 
are  the  actions  taken  to  facilitate  this: 

•  The  data  is  broken  up  into  small, 
usable  chunks  called  fragments. 

•  The  data  is  protected  from  alteration 
via  an  integrity  “wrapper” 

•  The  data  is  encrypted, and  the  wrapper 
is  appended. 


Historically  many  of  the  original  appli¬ 
cations  that  used  SSL,  such  as  e-com¬ 
merce,  did  not  perform  client  authentica¬ 
tion. This  was  done  outside  the  SSL  proto¬ 
col  via  some  out  of  band  information 
such  as  a  name/credit  card  number  com¬ 
bination  or  some  other  client-provided 
data, such  as  a  password. 

However,  corporations  now  are  adopting 
SSL  as  a  protocol  for  new  applications  in 
the  data  center.  For  applications  such  as 
SSL-based  VPNs  or  those  that  require  addi¬ 
tional  verification  of  end  users,  client 
authentication  is  becoming  a  requirement. 

Client  authentication  lets  a  server  con¬ 
firm  a  user’s  identity  within  the  protocol 
using  the  same  techniques  that  allowed 
the  client  to  authenticate  the  server. 
While  the  detailed  message-flows  for  this 
type  of  authentication  are  significantly 
different,  the  process  is  the  same  con¬ 
ceptually  as  for  server  authentication. 

This  process  also  takes  place  within  the 
SSL  handshake  subprotocol.  In  this  case, 
the  client  must  present  a  valid  credential 
(a  certificate  from  a  trusted  certificate 
authority)  to  the  server.  The  server  uses 
this  information  to  validate  the  end  user 
with  standard  techniques  using  public- 
key  cryptography. 

SSL’s  pervasiveness  is  because  of  its 
flexibility  and  robustness.  Expect  to  see 
SSL’s  usage  continue  to  increase  dramatic¬ 
ally  as  it  becomes  a  key  protocol  for  enter¬ 
prise  applications,  wireless  access  de¬ 
vices,  Web  services  and  secure  access 
management. 

Rollender  is  director  of  marketing  for 
Nauticus  Networks.  He  can  be  reached  at 
mrollender@nauticusnet.  com. 


Dr.  Internet 


By  Steve  Blass 


Is  there  a  way  to  connect  customer  networks  that 
use  the  same  internal  IP  address  space  (10. XXX) 
to  a  managed  service  provider's  connection?  We 
want  to  connect  multiple  customers  who  use  the 
same  internal  addresses.  We  have  Computer 
Associates'  Unicenter  at  the  network  operations 
center  to  monitor  multiple  customer  networks. 

This  problem  finally  might  push  IPv6  ubiquity  into 
the  Internet  backbone.  Matching  IPv4  addresses 
can  be  name-mangled  and  translated  into  IPv6 


addresses  quite  nicely.  To  accomplish  the  task 
today  one  must  ensure  that  static  network  ad¬ 
dress  translation  (NAT)  addresses  are  in  use  on 
the  customer  site  so  there  is  a  stable  one-to-one 
mapping  from  private  to  public  addresses.  The 
public  addresses  are  added  to  the  management 
platform  by  hand  rather  than  through  autodiscov¬ 
ery,  and  the  customer  firewall  must  be  configured 
to  let  User  Datagram  Protocol  (UDP)-based  man¬ 
agement  traffic  such  as  SNMP  traverse  the 
Internet  boundary.  To  manage  devices  inside  the 


firewall  that  don't  have  public  NATs,  use  a  local 
management  ‘console’  inside  the  customer  net¬ 
work  (which  needs  a  public  NAT)  to  communicate 
with  the  central  management  facility.  More  back¬ 
ground  can  be  found  at  previous  Dr.  Internet 
columns  (www.nwfusion.com,  DocFinders  4133 
and  4134)  and  in  the  expert  forums. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 
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Technology  Update 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 


A  few  months  ago  we  reviewed  an  auto¬ 
mation  product  called  OpalisRobot 
(see  www. nwfusion.com,  DocFinder: 
4 140).  We  liked  it  a  lot,  and  several  readers 
said  that  if  we  liked  that  product,  we’d  love 
Automate  5  from  Unisyn. 

We  finally  took  a  hard  look  at  the  product 
and,  well,  wow! 

Automate  5  is  amazing,  letting  you  auto¬ 
mate  a  slew  of  repetitive  tasks  and  going 
much  further  than  any  similar  product 
we’ve  seen.  It  even  lets  you  send  key¬ 
strokes  to  applications,  add  and  remove 
items  from  the  clipboard,  move  and 
detect  the  position  of  the  mouse,  and  . . . 
well,  the  list  is  huge. 

Automate  5  tasks  can  be  triggered  by  a 
range  of  events,  including  time  schedules, 
key  presses,  changes  to  the  system  (proces¬ 
sor  load,  memory  use,  available  disk  space 
and  so  on),  file  operations  on  directories 
and  specific  files  (open,  close,  delete,  etc.), 
specific  application  events, entries  made  in 
event  logs  and  even  idle  time. 


Mark 

Gibbs 


Automate  with  Automate 


The  Automate  Task  Administrator  pro¬ 
gram  provides  access  to  and  management 
of  all  defined  tasks;  enables  and  disables 
triggers;  sets  up  system  configuration; 
examines  the  task-activity  log;  and  creates 
new  tasks. 

Defining  a  new  task  can  be  done  with  or 
without  the  included  wizard.  The  wizard 
leads  you  through  naming  the  task,  defining 
one  or  more  triggers  if  any  are  needed 
(manually  launched  tasks  don’t  require  trig¬ 
gers)  and  then  editing  the  task’s  script.  The 
latter  invokes  the  Automate  Task  Builder. 

Automate  Task  Builder  presents  a  win¬ 
dow  with  three  panes:  the  Available  Ac¬ 
tions  pane,  which  provides  a  tree-struc¬ 
tured  view  of  all  actions  or  operations  that 
can  be  added  to  the  task;  a  pane  for  the 
task  script;  and  a  pane  for  various  debug¬ 
ging  displays. 

To  build  a  task  you  select  the  actions  you 
need  and  drag  them  to  the  script  pane. 
Each  action  will  raise  a  dialog  as  it  is 
dropped  so  you  can  set  the  parameters  for 
the  action. 

For  example,  for  the  FTP  Download 
action  you  only  need  to  set  the  target  site, 
log  in  user  and  the  directory  and  file  to  re 
trieve  and  save  to. 

For  all  actions  you  can  set  other  parame 
ters  and  error-handling  action.  The  latter 
lets  you  ignore  errors,  take  action  for  spe 


cific  problems  or  abort  the  entire  task. 

More  than  100  actions  are  defined  in  the 
Task  Builder.These  actions  include  Internet 
(FTP  operations,  HTTP  download  and  post, 
POP3  retrieval  and  Simple  Mail  Transfer 
Protocol  send), File  (open, close  and  read), 
Network  (send  message  and  map  drive), 


_J  GEARHEADSCOREGARD 


Product:  Automate  5 


Functionality . A 

Overall  grade 

Elegance . A 

A 

Value  for  money . .A 

A 

Vendor:  Unisyn 

www.unisyn.com 


Database  (SQL  query  and  stored  proce¬ 
dure)  and  Services  Control  (start,  stop, 
pause,  resume,  install  and  remove). 

There  also  are  specific  actions  for  pro¬ 
gram  flow  including  Variables  (setting,  mod¬ 
ifying  and  deleting),  Loop  Actions  (to  ex¬ 
amine  windows,  files  and  processes)  and 
How  Actions  (if-else  and  end-if). There  are 
even  actions  for  manipulating  the  Windows 
registry  adding  to  the  system  log,  executing 
DDE  communications,  performing  text  to 
speech  and  Basic  Scripts. 

Basic  Scripts  underlie  the  whole  script 


www.nwfusion.com 


system  —  the  actions  you  drag  to  the  script 
panel  are  code  blocks.The  version  of  Basic 
used  is  called  AML  and  is  similar  to  Micro¬ 
soft  Visual  Basic  for  Applications.  You  also 
can  toggle  the  script  pane  view  to  display 
the  script  as  AML  and  edit  it  directly. 

Coding  AML  lets  you  create,  when  need¬ 
ed,  scripting  that  goes  beyond  what  can 
be  built  using  the  action  drag-and-drop 
interface  alone. That  said,  what  can  be  cre¬ 
ated  without  dirtying  your  hands  with 
coding  is  awesome! 

Tasks  launched  by  triggers  or  by  using  the 
Automate  Task  Administrator  are  executed 
by  what  is,  in  effect,  a  runtime  system  run¬ 
ning  as  a  Win32  service  interfaced  to  a 
“stub”  executable  that  runs  under  the 
account  of  the  user  that  launched  the  task 
(it  shows  up  in  the  Windows  system  tray). 

We  have  few  criticisms  of  the  product 
beyond  some  details  that  are  missing  from 
the  documentation  and  lack  of  SNMP 
actions,  and  we’d  like  to  see  more-detailed 
error  reporting. 

We  highly  recommend  Automate  5.  It  is  a 
remarkable  product,  and  Unisyn  has  plans 
to  add  more  actions  to  improve  Internet 
and  network  functionality  And  for  $350  for 
one  copy,  it  is  the  best  Automation  product 
we’ve  seen. 

Your  task?  Write  to  gearhead@gibbs.com. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Cool  battery,  smart  spam  stopper 


Here  are  two  more  products  we’ve  been  testing  recently: 

N-Charge  Power  System 

Devices  that  give  your  laptop  extra  power  when  you’re 
traveling  are  nothing  new,  but  having  the  same  device 
recharge  your  handheld  device  and  mobile  phone  at  the 
same  time  is.  Valence  Technology  (www.valence.com) 
sent  us  one  of  its  N-Charge  Power  Systems  (VNC-130), 
which  gave  us  extra  battery  life  for  our  notebook  and 
could  recharge  our  iPaq  PDA  at  the  same  time  (it  also 
can  recharge  a  cell  phone). 

The  system  works  with  sever¬ 
al  models  of  notebooks 
(including  Apple,  Compaq,  HR 
IBM,  Dell  and  Sony),  and  is 
small  enough  (11.81  by  9.06 
by  0.51  inches)  to  fit  in  your 
laptop  bag,  although  it  adds 
about  three 
pounds  of 
weight. 

Still, when 


The 

VNC-130  gives  extra 
battery  life  to  laptops 
and  cell  phones. 


you’re  on  the  road,  it  can  be  worth  it  to  get  the 
extra  battery  life,  up  to  10  hours,  according  to 
Valence. 

The  setup  is  simple  —  just  take  the  power 
adapter  from  your  notebook  to  charge  up  the 
N-Charge  device.  Another  cable  lets  you  con¬ 
nect  to  the  notebook  so  you  can  charge  the 
N-Charge  device  and  your  notebook  at  the 
same  time  (charging  in  this  case  takes 
longer).  After  the  N-Charge  is  charged,  you  now  have  an 
extra  “battery”  that  can  recharge  your  notebook  and  your 
handheld. 

The  VNC-130  costs  $300  (Valence  also  has  a  $150  model 
that  has  less  battery  life). 

Sunbelt  Software's  IHateSpam 

When  your  e-mail  address  is  as  public  as  mine  is  (it’s 
at  the  bottom  of  this  column  and  all  over  our 
Web  site),  you  get  a  lot  of  spam.  But  I  also  get 
legitimate  e-mail  that  looks  like  spam,  such  as 
product  pitches  from  public  relations  agencies 
and  technology  e-mail  newsletters. 

Blocking  spam  based  on  e-mail  addresses  does¬ 
n’t  work  anymore;  spammers  just  get  a  new  e- 
mail  address  from  a  free  service.  1  can’t  block 
entire  domains  (many  public  relations  people 
use  free  e-mail  services),  and  1  can’t  allow  only 
certain  e-mail  addresses,  as  public  relations  peo¬ 
ple  change  almost  every  week.  I  need  a  filter  that 
can  tell  what  email  is  spam  and  what  email  is 
legitimate. 

The  $20  IHateSpam  software  from  Sunbelt  Soft¬ 
ware  (www.sunbeltsoftware.com)  comes  very 
close  to  this  goal.  It  uses  a  scoring  system  that 


IHateSpam  does  a  good 
job  of  filtering  out  spam, 
and  you  can  instruct  it 
to  be  even  smarter. 


reads  everything  about  the  message  —  the 
sender,  subject  line  and  body  of  the  e-mail  — 
and  gives  it  a  score  threshold.  Scoring  high  on 
the  threshold  moves  the  message  into  a  “quar¬ 
antine”  folder  that  sits  underneath  the  Inbox 
folder  in  my  Outlook  client.lt  also  sets  up  a  list 
of  “friends”  and  “enemies"  that  lets  the  user  tell 
the  software  which  e-mail  addresses  are  good 
and  which  aren’t. 

Initially,  the  software  scans  your  “Sent  Items”  folder  and 
adds  those  email  addresses  to  your  “friends”  list,  the 
assumption  being  that  if  you  reply  to  one  of  these,  then  it 
isn’t  spam.  (If  you  responded  to  a  spam  message  but  did¬ 
n’t  want  additional  messages, you  can  put  the  address  on 
the  “enemies”  list.)  After  that,  as  new  email  comes  in,  the 
software  goes  to  work  to  determine  if  it’s  spam. 

What’s  cool  about  this  is  the  software’s  ability  to  learn. 
After  it  starts  filtering,  a  user  can  tell  the  software  whether 
email  is  legitimate  or  whether  it’s  spam.  If  the  user  says 
something  is  spam,  the  email  is  sent  to  Sunbelt  for  human 
beings  to  analyze, so  the  software  engine  can  be  improved. 
This  is  similar  to  vendors  that  examine  virus  signatures. 

While  I  was  hoping  for  100%  accuracy  right  off  the  bat 
(I’m  a  dreamer),  it’s  not  the  case. You  do  have  to  spend  a 
few  days  telling  the  software  what’s  good  and  what’s  not. 
Still, after  four  days  on  the  system  (including  over  a  week¬ 
end,  when  we  get  most  of  our  spam),  the  software  had 
reached  a  point  at  which  I  wasn’t  seeing  tons  of  spam  in 
the  in-box. 

Sunbelt  says  a  server  version  of  the  software  is  in  the 
works, so  stay  tuned  if  you  want  to  deploy  to  hundreds  or 
thousands  of  end  users. 

Shaw  can  be  reached  at  kshaw@nww.com. 
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EDITORIAL 

John  Dix 

IP  PBXs: 

Telling  the 
players  apart 

At  the  first  Network  World  Showdown  at  the  Voice  on 
the  Net  show  last  February  we  asked  a  panel  of  IP 
PBX  vendors  if  IP  telephony  was  ready  for  prime 
time. They  assured  us  it  was,  although  the  debate  that 
endued  was  littered  with  fundamental  questions  that 
exposed  some  raw  spots. 

We  followed  that  up  at  the  Fall  VON  last  September  with 
a  showdown  pitting  three  IP  PBX  vendors  against  three  IP 
Centrex  service  providers.  When  we  asked  the  audience 
to  vote  for  the  team  that  told  the  most  compelling  story 
the  crowd  gave  the  win  to  the  IP  Centrex  folks. 

Now  we’re  gearing  up  for  Spring  VON  ’03  and  bringing 
the  focus  back  to  the  IP  PBX  camp.  Although  this  market 
is  still  young,  it  is  mature  enough  that  we  no  longer  need 
to  ask  ourselves  if  the  technology  works.  Instead,  we’re 
inviting  some  of  the  biggest  vendors  in  the  business  to 
discuss  what  makes  their  products  unique. 

As  the  early  technology  debates  fade,  the  IP  PBX  sup¬ 
pliers  increasingly  are  turning  their  energies  to  differen¬ 
tiating  their  wares,  touting  everything  from  innovative 
station  alternatives  to  management  controls  and  secur¬ 
ity  capabilities. 

We’ll  talk  about  those  and  other  differences,  including 
call-center  support,  the  simplicity  of  moving  to  unified 
messaging,  and  the  manner  in  which  new  applications 
are  developed. 

That’s  not  to  say  some  core  technology  discussion 
won’t  creep  in.  Questions  remain  about  single-number 
portability, support  for  remote  nodes  and  even  the  man¬ 
ner  in  which  vendors  meet  the  requirements  of  the  Amer¬ 
icans  with  Disabilities  Act.  We’ll  sample  these  where 
appropriate. 

We  call  on  Alcatel,  Avaya,  Cisco,  Mitel  and  Nortel 
to  participate  in  this  Network  World  Showdown, “IP 
PBXs:  Telling  the  players  apart,”  at  Spring  VON,  from  5  to 
6:30  p.m.  March  31  at  the  San  Jose  Convention  Center 
(to  register,  go  to  VON. com). They’ll  have  until  March  3 
to  confirm. 

To  refresh  your  memory  on  how  these  Showdowns 
work:  In  the  first  part  of  the  session, yours  truly  and  co¬ 
host,  Mike  Hommer,  manager  of  consulting  for  Miercom, 
which  is  a  member  of  the  Network  World  Global  Test 
Alliance,  pose  questions  to  the  individual  vendors.In  the 
second  third,  Hommer  and  1  play  referee,  letting  the  ven¬ 
dors  question  each  other.  And  finally  we  open  it  up  to 
members  of  the  audience. 

So  plan  to  join  the  debate  this  spring,  and  in  the  mean 
time  send  along  any  questions  you  would  like  to  see 
addressed. 
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opinions 


Glue  giving 

Regarding  Mark  Gibbs’  Backspin  column  “Christmas 
clue  giving”  (www.nwfusion.com,  DocFinder  4122):  1 
would  like  to  give  a  clue  to  everyone  who  has  missed 
the  basic  problem  with  spam  —  that  we  pay  for  the 
infrastructure  to  enable  our  use  of  the  Internet. 
Spammers  do  not  compensate  us  for  their  use  of  our 
facilities  and  in  effect  are  stealing  service  from  us. 

The  root  cause  of  this  problem  is  that  e-mail  can 
be  transmitted  essentially  for  free.  This  concept  is 
fine  within  a  company  or  college  campus, but  not  in 
the  commercial  world. 

There  is  a  similar  problem  in  the  world  of  direct 
telephone  solicitation.  The  telemarketing  flaks  are 
taking  advantage  of  one  of  the  most  important  rules 
of  debate:  If  you  can  control  the  definition  of  the 
terms,  you  are  very  likely  to  win  the  argument. They 
talk  about  “freedom  of  commercial  speech,”  but 
they’ve  sidestepped  the  main  point: That  we  pay  for 
the  phone  and  the  phone  line, and  they  demand  our 
time,  without  compensation,  to  answer  their  calls.  1 
generally  hang  up  on  telemarketers  right  away  But  if 
I’m  feeling  charitable,!  tell  them, “This  phone  is  for 
my  convenience,  not  yours.  Do  not  call  back,”  and 
hang  up  on  them. 

For  the  Internet  to  fully“grow  up, ’’there  will  have  to 
be  a  charge  for  transmitting  data,  whether  it  be  mail, 
video  or  data.  It’s  just  simple  economics. 

Steve  Sacco 
Maitland,  Fla. 

Dream  tablet 

Regarding  Mark  Gibbs’  Backspin  column  about  his 
desire  to  see  a  real  tablet  computer  this  year 
(“Dream  tablet,”  DocFinder:  4123):  There  is  just  no 
way  that  a  pen-centric  computer  will  appeal  to  any- 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  Editor  In 
Chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


one  with  any  facility  using  a  keyboard,  if  there’s  any 
serious  amount  of  input  to  be  done. 

The  keyboard  is  the  reigning  champion  for  the 
human/computer-input  interface.  This  is  because 
text  input  is  still  the  ruling  paradigm  for  most  tasks, 
and  the  keyboard  is  still  the  best  way  to  make  that 
happen. 

Kurt  Buff 
Redmond, Wash. 

Regarding  Mark  Gibbs’  tablet  PC  design  factor  of 
“Instant  on,  instant  off  and  instant  reboot”:  I  have 
been  wondering  for  years  why  the  PC  manufactur¬ 
ers  don’t  do  something  that  was  done  when  non- 
IBM  style  PCs  first  hit  the  market:  have  the  operating 
system  encoded  to  chips  on  the  motherboard. 
Commodore,  Timex-Sinclair  and  Tandy  all  had 
some,  if  not  all,  of  the  base  operating  system  on 
chips.  Bootup  was  relatively  fast,  considering  the 
speed  of  the  CPUs. With  today’s  CPU/bus  speeds,  hav¬ 
ing  at  least  the  operating  system  kernel  on  flash 
chips  on  the  motherboard  would  make  the  PC 
boot/reboot  as  if  it  had  never  been  turned  off;  even 
faster  to  get  back  to  a  usable  state  than  coming  out 
of  sleep/hibernate/suspend  modes. 

Upgrades  could  be  written  to  the  flash  the  same 
way  BIOS  is  upgraded  today,  via  a  bootable  floppy  (a 
good  reason  for  keeping  the  a:  drive).  With  a  little 
forethought  concerning  security  of  the  operating 
system  kernel,  we  could  be  assured  of  a  virus-free 
bootup  by  interrupting  the  loading  of  infected  appli¬ 
cations.  We  could  even  clean  an  infected  PC  by  wip¬ 
ing  the  RAM  and  then  virus  scan  from  the  kernel 
operating  system  implementation. 

This  would  require  Microsoft  to  designate  some 
portion  of  operating  system  code  as  minimum  for 
PC  operations.That  might  be  the  hardest  thing  to  do. 

Carl  Atkins 
Network  analyst 
Virginia  Commonwealth  University 
Richmond, Va. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  4121 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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ON  THE  ROAD 

Chris  Shipley 


Mining  value  from  tech  events 


It 


onventional  wisdom  says  that  in  todays 
economic  downturn,  technology  inno¬ 
vation  is  dead,  or  at  least  sleeping  very 
soundly  Nothing  could  be  further  from  the 
truth.  While  producing  the  annual  Demo  Con¬ 
ference,  I  spend  the  year  talking  to  hundreds 
of  executives,  entrepreneurs,  investors,  inven¬ 
tors,  IT  customers  and  other  industry  seers.  1  read  and  watch,  and  in 
time  1  can  knit  the  connective  tissue  among 
those  conversations  into  a  program  that  shines 
a  light  into  dark  places  and  brings  clarity  to  a 
foggy  future. 

It’s  popular  today  to  presume  that  there  is  no 
light  and  the  fog  won’t  lift,  but  from  all  those 
conversations  I  can  tell  you  that  innovation  is 
alive  and  kicking  in  start-ups  and  established  technology  ventures. 

Today  the  process  of  selecting  just  60  companies  to  introduce  new 
products  —  companies  that  are  doing  truly  innovative  work,  whose 
products  and  technologies  reset  the  bar  in  their  respective  market 
places  —  is  really  difficult. 

In  corporations,  new  technology  is  focused  on  taming  the  infrastruc¬ 
ture  monster  that  was  built  during  years  of  rich  IT  spending.  At  Demo 
2003,  Feb.  16-18  in  Scottsdale,  Ariz.,  we’ll  highlight  new  products  that 
leverage  IT  assets,  align  IT  development  with  business  priorities  and 
demonstrate  that  Web  services  are  very  real.  We’ll  see  security  products 


that  claim  to  be  hackerproof.And  we’ll  host  an  array  of  solutions  to  nag¬ 
ging  IT  issues,  including  spam  blocking  and  management,  knowledge 
management,  and  business  communications  and  collaboration.  (For 
more  information  on  Demo  2003,  go  to  www.nwfusion.com, 
DocFinder:4128.) 

New  core  technologies  will  show  great  progress  in  user  interface,  dig¬ 
ital  video  and  next-generation  communication  devices.  And  don’t 
believe  that  technology  has  turned  its  back  on  the  consumer  market. 

Demo  will  serve  as  the  launch  venue  for  a  half- 
dozen  new  consumer  products. 

These  days,  it’s  tough  to  afford  a  day  away 
from  the  office,  let  alone  the  travel  costs  and 
registration  fees  that  tally  up  at  a  three-day 
conference.  And  with  the  “booze  and 
schmooze”  reputation,  it’s  even  tougher  to  jus¬ 
tify  the  expense  to  management.  But  if  you  are  planning  to  buy  tech¬ 
nology  in  the  next  six  months,  you  need  to  spend  your  technology 
budget  carefully.  If  those  dollars  are  better  spent  because  you  have 
made  the  investment  in  time  and  money  looking  at  the  technologies 
that  would  help  you  manage  your  business  and  networks  more  effec¬ 
tively,  then  the  cost  of  attending  an  event  such  as  Demo  would  be 
well-justified. 

Shipley  is  executive  producer  of  The  Demo  Conferences.  She  can  be 
reached  at  chris@demo.com. 
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TELECOM  CATALYST 

Daniel  Briere 


If  you  are  reading  this  publication, 
chances  are  you  love  gadgets.  Let’s  face 
it,  we  all  love  technology,  and  if  we  could 
do  nothing  but  track  the  latest  gadgets,  we 
probably  would. 

Now  more  than  ever  though,  there’s  a  hid¬ 
den  message  in  gadget  mania,  and  it  has  to  do  with  your  telephone 
company  its  future  offerings  and  your  IT  environment.  Consumer-goods 
manufacturers  are  in  a  rush  to  network-enable  everything  under  the 
sun.  With  that  network-enablement  comes  a  host  of  new  services,  gad¬ 
gets  and  trends  that  will  undoubtedly  affect  businesses. 

With  telecom  innovation  in  a  slump  and  pressure  on  service  pro¬ 
viders  to  deploy  new  revenue-generating  services  with  a  quick  return 
on  investment,  there’s  not  much  new  happening  on  the  services  front. 
New  launches  are  being  scaled  back,  and  regulation  again  holds  the 
key  to  whether  it  all  gets  jump-started  again. 

But  the  consumer  space  is  booming.  Nowhere  is  this  more  pro¬ 
nounced  than  at  the  Consumer  Electronics  Show  (CES)  held  recently 
in  Las  Vegas.  As  experience  with  PDAs  and  other  consumer  goods  has 
shown  (note  1  called  PDAs  a  consumer  device),  employees  will  adopt 
what  they  think  will  make  them  more  efficient  and  life  more  fun,  and 
leave  it  for  IT  managers  to  figure  out  later  what  to  do. 

So  what  happens  when  your  employees  can  surf  onto  the  corporate 
intranet  from  their  TV  set?  At  CES,  Prismiq  showed  off  a  best-of-show 
$250  wireless-supported  device  for  doing  instant  messaging  and  Web 
browsing  on  the  TV,  in  addition  to  consumer  favorites  such  as  playing 
MP3s  and  videos  —  all  via  a  link  to  your  computer,  which  can  be  rooms 
away  Heard  it  before  with  WebTV?  Sure,  but  it’s  getting  better  and  bet¬ 
ter,  and  now  with  wireless  links  between  computers  (and  the  broad¬ 
band  connection)  and  the  entertainment  center, a  whole  new  realm  of 
revenue  opportunities  for  service  providers  comes  in. 

How  many  times  have  people  said, “No  one  wants  to  watch  a  movie 
on  their  computer?”  A  lot.  Despite  that,  DVD  drives  for  laptops  are  now 
almost  standard  issue.  But  getting  that  DVD  to  the  TV  has  been  con¬ 
strained  by  a  huge  divide  between  the  computing  and  entertainment 


Gadgets  show  IT's  future 


domains  in  the  home.  With  the  advent  of  new  standards  such  as  the 
UPnP  media  server  specifications,  transport  layers  are  in  place  for  get¬ 
ting  content  off  the  PC  and  onto  the  TV 

But  computer  images  look  bad  on  TVs,  you  say  Yes  they  do,  but  you 
can  get  42-inch  wide-screen  plasma  TVs  for  less  than  $3,000.  Even  bet¬ 
ter,  you  can  get  a  HDTV-ready  43-inch,  Digital  Light  Processing  rear-pro¬ 
jected  display  from  Samsung  for  about  $3,500.  Those  prices  are  drop¬ 
ping  50%  or  more  per  year. 

So  outside  of  loving  gadgets  and  wanting  a  wide-screen  TV  why  care? 
Because  these  technologies  are  filtering  into  the  business  environment. 
Wide  screens  are  all  over  trade-show  booths  and  executive  offices.The 
proliferation  of  802.1  lx  wireless  standards  has  moved  into  unlikely 
places  such  as  the  car  and  beyond  the  home.  And  some  products 
seemingly  geared  for  the  home  would  work  great  in  the  office.  My 
favorite  is  the  Siemens/Efficient  Networks  HomePlug-enabled  Speed- 
Stream  modules  that  allow  you  to  plug  a  $100  access  point  into  the  wall 
and  hop  onto  your  broadband  connection  via  USB,  Ethernet  or  Home- 
Plug  at  the  other  end.  Pretty  darn  cool,  easy  to  install  and  the  price  is 
expected  to  drop  substantially  in  the  future. 

We  expect  the  newest  round  of  802.1  lg  products  from  a  variety  of 
vendors  to  cost  about  the  same  as  the  present  802. 1  lb  products  almost 
as  soon  as  they  come  out, and  the  802.1  lb  products  on  the  market  are 
going  to  cost  about  half  as  much  as  they  do  today  What  does  that  do 
for  your  network  plans?  Have  some  dead  zones  in  your  office?  Just  pick 
up  another  access  point.  With  more  products  shipping  with  802.11 
onboard,  it’s  inevitable  that  they  will  show  up  at  work.  And  how  are  you 
going  to  put  VPNs  on  those  items?  Better  get  cracking. 

It’s  critical  to  stay  on  the  forefront  of  all  the  things  going  on  in  the  con¬ 
sumer  arena.  Go  to  a  consumer  show  every  once  in  a  while,  not  just  the 
telecom  and  IT  shows.  More  and  more,  the  power  of  the  broadband- 
enabled  home  is  going  to  show  up  in  the  office. 


More  and  more, 
the  power  of  the 
broadband- 
enabled  home  is 
going  to  show  up 
in  the  office. 


Briere  is  CEO  of  TeleChoice,  a  market  strategy  consultancy  for  the 
telecommunications  industry.  He  can  be  reached  at  telecom 
catalyst@telechoice.  com. 
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O  Visit  attend.supercomm20Q3.com 
O  Register  for  FREE,  register.supercomm2003.com 
O  Sign  up  for  education.  education.supercomm20Q3.com 
O  Go  to  Atlanta  in  June,  atlanta.supercomm2003.com 


Smart  companies  know  that  one  event  can  help  them  stay  ahead  of  their  competition:  SUPERCOMM.  That's  because  each  year 
SUPERCOMM  brings  together  the  latest  communications  and  IT  technologies  from  around  the  world.  At  one  time  and  in  one 
place,  attendees  can  productively  gather  the  pertinent  information  they  need  for  the  decisions  ahead.  Through  exhibitors  and 
more  than  200  education  sessions,  they  can  get  a  solid  sense  of  hot  issues  from  security  to  storage,  Wi-Fi  to  VPNs.  They  can  also 
make  key  contacts  with  individuals  instrumental  to  their  long-term  objective.  No  wonder  global  private  and  public  sector  organi¬ 
zations  insist  on  having  representatives  at  SUPERCOMM.  To  discover  your  future  success,  go  to  supercomm2003.com  and  register 
your  representatives  now  June  1-5  2003,  Atlanta  Georgia,  supercomm2003.com 
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The  El  200  is  one  kickin'  switch. 

The  ForcelO  E1200  was  the  only  one  of  five  enterprise-class  Ethernet 
switches  that  could  open  the  throttle  to  a  full  10  gigs  in  our  first-ever 
comprehensive  performance  test  of  these  high-speed  boxes. 


Mixed  results:  Only  ForcelO  delivers  10G  bit/sec  throughput, 
but  all  switches  boast  impressive  features. 


NetworkWorid 


HANDSON 

TEST 


Lm  BY  DAVID  NEWMAN,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

ab  tests  prove  that  most  first-generation  10G  Ethernet  switches  don’t  deliv¬ 
er  anywhere  close  to  10  gigabits  of  throughput.  But  the  latest  backbone 
switches  do  deliver  more  bandwidth  than  earlier  gear  that  used  link 
aggregation,  and  they  do  a  better  job  of  quality-of-service  enforcement. 


In  Network  World’s  first  hands-on  assessment  of  the  new 
10G  Ethernet  switches,  we  put  boxes  from  five  major  ven¬ 
dors  through  a  comprehensive  set  of  performance  tests  — 
both  1  and  10  Gigabit  flavors  of  Ethernet.  Avaya,  ForcelO 
Networks,  Foundry  Networks,  HP  and  Nortel  accepted  our 
challenge.  Other  major  players  went  missing,  citing  vari¬ 
ous  reasons  (see  www.nwfusion.com,  DocFinder:  4131). 

Hardware  gremlins  plagued  Nortel’s  devices,  and  we 
couldn’t  obtain  valid  results.  For  the  remaining  players,  the 
results  offer  limited  encouragement: 

•  ForcelO’s  E1200  delivers  true  10G  bit/sec  throughput 
with  any  frame  size,  a  performance  that  earned  it  the 
NetworkWorid  Blue  Ribbon  award. 

•  Foundry’s  Fastlron  400  and  HP’s  ProCurve  Routing 
Switch  9300m  series  (which  HP  buys  from  Foundry) 
achieved  fast  failover  times. 

•  Avaya’s  Cajun  P882  MultiService  Switch  kept  jitter  to  a 


minimum  and  dropped  no  high-priority  packets  in  our 
QoS  tests. 

But,  when  all  is  said  and  done,  none  of  these  first-gener¬ 
ation  devices  represent  the  perfect  switch.  ForcelO’s  E1200 
aced  the  throughput  tests,  but  its  delay  and  jitter  numbers 
are  far  higher  than  they  should  be.  As  for  the  others,  they 
won’t  really  be  true  10  Gigabit  devices  until  they  get 
capacity  upgrades. 

While  the  10  Gigabit  performance  results  are  disappoint¬ 
ing,  it’s  important  to  put  those  numbers  in  context.  Few,  if 
any,  users  are  planning  pure  10G  Ethernet  networks,  so 
these  devices  support  a  variety  of  interfaces  and  other  fea¬ 
tures  useful  for  enterprise  core  networking,  such  as  sup¬ 
port  for  highly  redundant  components  and  multiple 
device  management  methods  (see  full  feature  listing  at 
DocFinder:  4126).  It’s  important  to  note  that  these  switches 
did  a  pretty  good  job  of  handling  tasks  not  directly  related 
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to  10G  Ethernet, such  as  failover  and  QoS 
enforcement. 

To  the  tests 

We  evaluated  switch  performance  with 
four  sets  of  tests:  10  Gigabit  alone;  Gigabit 
Ethernet  across  a  10G  Ethernet  backbone; 
failover  times;  and  QoS  enforcement. 

The  main  goal  of  our  pure  10G  Ethernet 
tests  was  to  describe  the  basic  forward¬ 
ing  and  delay  characteristics  of  the  new 
technology. Would  it  really  go  at  10  giga¬ 
bits?  And  how  much  delay  and  jitter 
would  the  new  interfaces  incur  at  that 
speed? 

To  answer  these  questions,  we  set  up  a 
test  bed  comprising  a  single  switch 
equipped  with  10G  Ethernet  interfaces 
and  SmartBits  traffic  generator/analyzers 
from  Spirent  Communications  (see  How 
we  did  it,  page  44).  All  vendors  supplied 
four  10G  Ethernet  interfaces  for  this 
event  except  Avaya,  which  supplied  two. 

We  configured  the  SmartBits  to  offer 
traffic  from  more  than  2,000  virtual  hosts 
(more  than  1,000  hosts  in  Avaya’s  case), 
representing  the  large  number  of  devices 
attached  to  a  typical  10  Gigabit  switch. 

We  used  three  frame  sizes:  64-byte 
frames,  because  they’re  the  shortest 
allowed  in  Ethernet,  and  as  such  offer 
the  most  stressful  test  case;  256-byte 
frames,  because  they’re  close  to  the 
median  frame  length  of  around  300 
bytes  as  observed  on  various  Internet 
links;  and  1,518  bytes,  the  maximum 
allowed  in  Ethernet  and  the  size  used  in 
bulk  data  transfers. 

Only  one  switch  —  ForcelO’s  E1200  — 
actually  delivered  true  line-rate  through¬ 
put  (see  Figure  bright). Impressively, the 
E1200  moved  traffic  at  line  rate  with 
short,  medium  and  long  frames.  In  all  our 
baseline  tests,  the  E1200  did  not  drop  a 
single  frame. 

Avaya,  Foundry  and  HP  boxes  moved 
traffic  at  roughly  80%  of  line  rate.  Avaya 
and  Foundry  representatives  on-site  for 
testing  said  switch  fabrics  that  topped 
out  at  8G  bit/sec  limited  their  devices, 
and  that’s  generally  consistent  with  the 
frame  rates  these  switches  achieved. 

In  the  best  case,  Foundry  moved  traffic 
at  86%  of  line  rate  when  handling  64-byte 
frames,  a  result  Foundry  explained  by 
saying  its  switch  fabric  actually  has  a  bit 
more  than  8G  bit/sec  of  capacity 

Maybe  so,  but  in  tests  with  four  inter¬ 
faces  Foundry’s  throughput  with  256-  and 
1,518-byte  frames  was  only  about  5.5G 
and  5G  bit/sec,  respectively.  Curiously,  the 
HP  switch  achieved  throughput  close  to 
8G  bit/sec  per  interface  for  all  frame 
lengths,  even  though  Foundry  manufac¬ 
tures  both  vendors’  switches.  One  possi¬ 
ble  explanation  is  that  Foundry  and  HP 
supplied  different  software  versions  for 
testing.  Given  HP’s  higher  throughput 
(and  Foundry’s,  when  tested  with  just 
two  interfaces)  some  performance  issue 
with  the  software  image  could  explain 
the  difference. 

It  should  be  noted  that  Avaya  supplied 
two  10G  Ethernet  interfaces  for  testing, 
vs.  foui  hum  other  vendors.  Single-port- 


Throughput  tests  showed  that  Foundry's 
Fastlron  400  topped  out  at  8G  bit/sec 
because  of  the  switch's  fabric  design,  but  the 
box  still  yielded  very  strong  results  in  delay 
and  jitter  performance  tests. 

pair  configurations  are  generally  less 
stressful  than  the  four-way  full  mesh  we 
used  to  test  other  switches. 

One  other  note  is  that  there  are  small 
differences  between  theoretical  maxi¬ 
mum  rates  and  the  actual  rates  of 
ForcelO’s  El 200. This  does  not  mean  the 
E1200  dropped  frames.The  IEEE  specifi¬ 
cation  for  10G  Ethernet  lets  rates  vary  by 
up  to  3,000  frames  per  second  because 
of  clock  skew;  in  our  tests,  the  actual 
amount  of  slippage  was  far  less. 

Delay  tactics 

For  some  users,  delay  and  jitter  (delay 
variation)  are  even  more  important  mea¬ 
sures  of  a  switch  than  its  speed,  especial¬ 
ly  when  real-time  applications  are 
involved.  In  Gigabit  Ethernet  switches, 
delays  typically  are  measured  in  the  tens 
of  microseconds.  We  expected  a  tenfold 
delay  reduction  with  the  10  Gigabit 
devices,  but  that’s  not  what  we  found. 

Delay  should  be  close  to  nil  at  10  Gigabit 
rates.  Consider  a  hypothetical  perfect 
switch  that  adds  no  delay  of  its  own.  At  10 
Gigabit  rates,  it  would  take  just  67  nanosec 
to  transmit  a  64-byte  frame  and  1,230 
nanosec  to  transmit  a  1,518-byte  frame. 
These  numbers  are  far  below  the  thresh¬ 
old  at  which  the  perceived  performance 
of  any  application  would  be  affected. 

In  the  real  world,  delays  are  much  high¬ 
er  (see  Figure  2,  right).  With  an  offered 
load  of  10%,  where  delay  is  the  result  of 
simple  forwarding  and  no  other  effect 
such  as  queue  buildup,  we  recorded  aver¬ 
age  delay  ranging  from  4.3  microsec  for 
Foundry’s  Fastlron  400,  with  64-byte 
frames  to  46  microsec  for  Avaya’s  Cajun 
P882,with  1,518-byte  frames.  For  the  time- 
curious,  1  millisec  is  one-thousandth  of  a 
second;  1  microsec  is  one-thousandth  of 
a  millisec;  and  1  nanosec  is  one-thou¬ 
sandth  of  a  microsec. 

While  none  of  the  delays  are  anywhere 
close  to  the  point  at  which  a  single  switch 
would  affect  application  performance, 
there  are  two  caveats  to  bear  in  mind. 

First,  while  it’s  true  that  the  point  at  which 
applications  suffer  is  in  the  milliseconds, 
it’s  also  true  that  delay  is  cumulative. Thus, 
a  network  built  with  many  switches  could 
suffer  from  more  delay  overall. 

Second,  there’s  no  good  reason  why  a 
10  Gigabit  device  should  hang  on  to  a 
frame  for  30  to  50  microsec.  For  example, 
for  ForcelO’s  El 200  to  add  31.9  microsec 
when  handling  64-byte  frames;  it  had  to 
buffer  46  frames  at  a  time. 

ForcelO  says  the  software  it  supplied  for 
testing  was  optimized  to  produce  the 
lowest  delays  under  heavy  loads.The  ven¬ 
dor  says  its  shipping  software,  Version 


4. 1.1,  and  a  configuration  change  will 
reduce  delay  by  up  to  50%.  We  did  not 
verify  this  claim. 

The  Foundry  and  HP  boxes  did  the  best 
job  of  keeping  delay  to  a  minimum.  Even 
in  the  worst  case  —  HP  with  1,518-byte 
frames  —  average  delay  was  only  7.6 
microsec.That’s  not  just  a  big  improvement 
over  the  delay  that  Gigabit  Ethernet  boxes 
add;  it’s  significantly  lower  than  some  other 
vendors’  best  delay  numbers  with  10G 
Ethernet  interfaces  at  any  frame  length. 

For  voice-over-IP  or  video  applications, 
jitter  is  even  more  critical  a  metric  than 
delay.  Our  jitter  measurements  showed 
that  switches  with  the  least  delay  —  from 
Foundry  and  HP  —  also  recorded  negligi¬ 
ble  amounts  of  jitter  (see  Figure  2,  left). 
For  both  vendors,  jitter  was  as  low  as  100 
nanosec,  the  minimum  our  test  instru¬ 
ments  could  record. 

To  its  credit,  Ayava’s  Cajun  P882  also 
kept  jitter  down  in  the  hundreds  of  nano¬ 
seconds,  at  least  four  orders  of  magnitude 
below  the  point  at  which  application  per¬ 
formance  would  suffer. 

ForcelO’s  jitter  numbers  were  higher  than 
the  others  and  generally  represented  about 


‘Tested  with  2  ports;  all 
others  tested  with  4  ports. 


25%  of  the  average  delay  This  means 
switch  delay  could  swing  up  or  down  by 
25%  over  time,  and  that’s  a  relatively  big 
variation. While  the  amounts  involved 
aren't  enough  to  degrade  application  per¬ 
formance  by  themselves,  the  earlier  caveat 
about  delay  being  cumulative  holds:  A  net¬ 
work  built  with  many  ForcelO  switches 
could  add  significant  jitter. 

Backbone  builders 

While  10  Gigabit  baseline  tests  give  us  a 
good  idea  of  how  the  technology  stacks  up 
inside  these  switches,  few  if  any  network 
designers  envision  pure  10G  Ethernet  net¬ 
works  anytime  soon.  We  also  tested  10G 
Ethernet  the  way  it’s  more  likely  to  be 
used:  as  an  aggregation  technology  for 
multiple  Gigabit  Ethernet  connections. 

For  the  bandwidth-aggregation  tests,  we 
constructed  a  test  bed  comprising  two 
chassis  connected  with  a  10G  Ethernet 
link.  We  also  equipped  each  chassis  with 
10G  (single)  Ethernet  interfaces,  and 
offered  traffic  across  the  10  Gigabit  back¬ 
bone.  With  510  virtual  hosts  offering  traffic 
to  each  of  the  Gigabit  Ethernet  interfaces, 
there  were  10,200  hosts  exchanging  traffic 


Note:  The  results  occured  when  we  offered  a 
10%  load.  Smaller  numbers  are  better. 
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Figure  1: 10G  Ethernet  throughput 

Only  ForcelO’s  E1200  achieved  line-rate  throughput  at  10G  bit/sec  rates. 
Switches  from  Avaya,  Foundry  and  HP  topped  out  at  8G  bit/sec  or  less 
because  of  switch-fabric  bottlenecks. 
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‘Tested  with  2  ports;  all  others  tested  with  4  ports. 

Figure  2: 10G  Ethernet  delay  and  jitter 

ForcelO’s  E1200  might  have  had  the  highest  throughput,  but  its  delay  and 
jitter  results  were  also  remarkably  high,  a  problem  the  vendor  attributes 
to  software  optimization  issues.  Avaya’s  Cajun  P882  kept  jitter  low  (albeit 
with  two  ports,  vs.  four  for  other  vendors),  while  Foundry  and  HP  posted 
relatively  low  delay  and  jitter  results. 
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—  just  the  sort  of  thing  one  might  find  at 
the  core  of  many  large  corporate  networks. 

It’s  no  coincidence  this  test  bed  is  simi¬ 
lar  in  design  to  the  one  we  used  in  a  pre¬ 
vious  evaluation  of  link  aggregation  (see 
DocFinder:4025).A  primary  goal  of  this 
test  was  to  determine  if  10G  Ethernet 
backbones  offer  any  improvement  over 
previous  tests  using  link  aggregation, 
where  high  frame  loss  and  latency  rule. 

We  again  used  the  Spirent  SmartBits  to 
offer  64-,  256-  and  1,518-byte  frames  to 
determine  throughput,  delay  and  jitter.  In 
this  case,  we  used  a  partial-mesh  traffic 
pattern,  meaning  10  interfaces  on  one 
chassis  exchanged  traffic  with  the  10  other 
interfaces  across  the  10  Gigabit  backbone, 
and  vice  versa. 

Force  10’s  El 200  switch  again  led  the 
pack,  delivering  line-rate  throughput  at  all 
three  frame  lengths  (see  Figure  3,  page  44). 
The  vendor’s  aggregate  throughput  ap¬ 
proached  30  million  frames  per  second 
across  two  chassis  with  zero  frame  loss. 

Foundry’s  and  HP’s  results  came  in  right 
up  against  the  8G  bit/sec  limit  of  their 
switch  fabrics.  Foundry’s  results  with  256- 
and  1,518-byte  frames  were  significantly 
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HP  buys  the  technology  for  its  ProCurve 
Routing  Switch  9300m  series  from  Foundry. 
Results  for  this  switch  greatly  resembled  the 
results  Foundry's  box  achieved. 


better  than  in  the  four-port  10G  Ethernet 
baseline  tests. 

Avaya’s  Cajun  trailed  the  pack,  with 
throughput  of  less  than  5G  bit/sec  in  every 
test.Avaya  attributes  this  to  the  Cajun’s 
crossbar  design,  which  becomes  congest¬ 
ed  when  utilization  exceeds  about  60%  of 
its  capacity  In  this  case,  60%  of  an  8G 
bit/sec  switch  fabric  represents  just  about 
the  levels  we  saw. 

The  good  news  for  all  vendors  is  that 
throughput  over  a  10  Gigabit  backbone  is 
significantly  higher  than  the  numbers  we 
obtained  in  a  previous  test  using  link 
aggregation.  In  the  worst  case,  we  saw 
throughput  tumble  to  just  10%  of  line  rate 
with  link  aggregation;  here,  even  the  worst- 
case  number  was  nearly  five  times  lower. 
Clearly  it’s  better  to  use  a  single  physical 
pipe  than  a  virtual  one. 

Less  waiting 

Going  with  10G  Ethernet  backbone  in¬ 
stead  of  link  aggregation  also  offers  bene¬ 
fits  when  it  comes  to  delay  and  jitter.  In  pre¬ 
vious  tests,  we  saw  delay  jump  by  as  much 
as  1,200%  when  we  used  link  aggregation. 
In  this  year’s  test,  we  saw  only  modest 
increases  in  delay  and  jitter  compared 
with  the  pure  10  Gigabit  numbers. 

Switches  from  Foundry  and  HP  did  the 
best  job  of  keeping  average  delay  and  jitter 
to  low  levels  across  all  frame  lengths  (see 
Figure  4,  page  44). At  worst,  Foundry’s 
Fastlron  added  average  delay  of  32.3 
microsec  with  1,518-byte  frames,  far  below 
the  point  at  which  applications  would  suf¬ 
fer.  And  while  the  Fastlron’s  delay  is  higher 
than  the  7.6  microsec  we  recorded  in  the 
pure  10  Gigabit  tests,  remember  that  frames 
had  to  cross  two  chassis  and  two  pairs  of 


Net  Results 


While  Avaya's  P882  did  not  fare  well  in  our  pure 
throughput  tests,  this  switch  kept  jitter  to  a 
minimum  and  performed  well  in  our  QoS  tests. 

interfaces  in  this  configuration,  vs.  just  one 
chassis  and  pair  of  interfaces. 

Delay  and  jitter  were  higher  in  this  test 
with  the  Avaya  and  Force  10  switches  — 
much  higher  in  ForcelO’s  case. In  the  worst 
cases,  Force  10’s  E1200  delayed  1,518-byte 
frames  an  average  of  90.9  microsec,  and 
delay  for  1,518-byte  frames  going  through 
Avaya’s  Cajun  varied  by  an  average  of  16.4 
microsec.  By  themselves,  these  numbers 
are  no  cause  for  concern;  they’re  in  the 
same  ballpark  as  some  Gigabit  Ethernet 
switches,  and  Gigabit  Ethernet  was  the  gat¬ 
ing  factor  in  this  configuration.  Still,  the 
Foundry  and  HP  results  show  it  is  possible 
to  achieve  lower  delay  and  jitter. 

Fast  failover 

For  many  users,  resiliency  is  an  even 
more  important  consideration  than 
throughput,  jitter  or  delay  We  assessed  the 
switches’  ability  to  recover  from  a  link  fail¬ 
ure  by  measuring  how  long  it  took  to 
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F  RATING 

Force10E1200 

Company:  ForcelO 
Networks,  www. 
force10networks.com 
Price:  $125,000.  Pros: 
Only  device  with  line- 
rate  throughput.  Con: 
High  delay  and  jitter. 
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Fastlron  400 

Company:  Foundry 
Networks,  www. 
foundrynet.com 
Price:  $94,310.  Pro: 
Low  delay  and  jitter. 
Con:  8G  bit/sec  fabric 
limits  throughput. 
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ProCurve  Routing 
Switch  9300m  series 

Company:  HP, 

www.hp.com/rnd/ind 
ex.htm  Price: 
$115,804.  Pro:  Low 
delay  and  jitter.  Con: 
8G  bit/sec  fabric  limits 
throughput. 


Cajun  P882 
MultiService  Switch 

Company:  Avaya, 
www.avaya.com 
Price:  $85,320.  Pro: 
Jitter  is  nice  and  low 
. . .  Con: ...  but  so  is 
throughput. 


Not rated 

Passport  8600 

Company:  Nortel, 
www.nortel.  com 
Price:  $102,480.  Pro: 
Wide  array  of 
software  and 
hardware  options. 
Con:  Hardware 
problems  led  to  invalid 
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reroute  traffic  onto  a  secondary  link. 

In  this  test,  we  connected  two  switch 
chassis  with  two  10G  Ethernet  links  and 
asked  vendors  to  configure  Open  Shortest 
Path  First  so  that  one  link  was  designated 
as  primary  and  the  other  as  secondary 
Then  we  offered  traffic  to  a  Gigabit  Ether¬ 
net  interface  on  one  chassis  and  verified  it 
was  carried  over  the  primary  link  to  the 
other  chassis.  Once  we  verified  traffic  was 
being  forwarded,  we  physically  disconnect¬ 
ed  the  primary  link  between  chassis.This 
forced  the  switches  to  reroute  traffic  onto 
the  secondary  link.  It  takes  some  amount 
of  time  to  make  the  change,  and  during  the 
cutover  some  frames  inevitably  will  be 
dropped.  We  derived  the  failover  time  from 
the  number  of  frames  lost. 

ForcelO  supplied  enough  10G  Ethernet 
interfaces  for  us  to  repeat  this  test  with  two 
pairs  of  backbone  links  connected  using 
802.3ad  link  aggregation.  Avaya  couldn’t 
participate  in  this  event  because  it  did  not 
supply  the  four  IOC,  Ethernet  line  cards 
needed  for  a  single-link  failover  test.  We 
tested  the  other  vendors  by  failing  over  a 
single  backbone  link. 

ForcelO’s  performance  in  our  failover 
tests  was  another  area  of  big  improve¬ 
ment  over  previous  assessments  in  link 
aggregation. The  other  vendors  didn’t  sup¬ 
ply  enough  10G  Ethernet  interfaces  to  try 
link  aggregation,  but  their  failover  results 
were  still  impressive. 

In  previous  tests,  failover  times  increased 
by  a  factor  of  10  when  link  aggregation 
was  in  use.  Not  so  with  ForcelO’s  El 200 
(see  complete  failover  results  at  Doc- 
Finder:  4 127).  In  this  test,  cutover  time 
improved  when  ForcelO  enabled  link 
aggregation,  going  from  474  millisec  with¬ 
out  link  aggregation  to  384  millisec  with  it. 

Neither  Foundry  nor  HP  supplied 
enough  10G  Ethernet  interfaces  to  try 
link  aggregation,  but  both  vendors’  boxes 
failed  over  even  faster  than  ForcelO’s 
switch  —  237  millisec  for  Foundry  and 
313  millisec  for  PIP 

QoS  enforcement 

When  it  comes  to  enforcing  QoS  para¬ 
meters  for  different  traffic  classes  at  10 
Gigabit  rates,  no  vendor  delivered  every¬ 
thing  we  requested.  Here  again,  though, 
our  results  were  far  better  than  previous 
tests  using  link  aggregation. 

We  used  the  same  SmartBits  script  from 
the  previous  link  aggregation  test. We 
offered  three  different  traffic  classes  and 
expected  the  switches  to  do  four  things. 

First,  switches  should  have  marked  traffic 
using  Differentiated  Services  code  points. 
Remarking  frames  is  a  good  security  prac¬ 
tice;  without  it,  users  might  mark  all  their 
traffic  as  high  priority 

Second,  we  expected  switches  to  deliver 
high-priority  traffic  without  loss,  even  with 
congestion  present. 

Third,  we  asked  vendors  to  configure  the 
switches  so  that  low-priority  traffic  would 
never  consume  more  than  2G  bit/sec  of 
available  bandwidth.This  rate-controlling 
feature  is  critical  for  controlling  low-priori¬ 
ty  flows  such  as  streaming  media  feeds. 

Finally  we  expected  switches  to  allocate 
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Figure  3:  Gigabit  Ethernet  throughput  over  a  10G 

Ethernet  backbone 

In  tests  of  20  Gigabit  Ethernet  interfaces  exchanging  traffic  in  partial  mesh 
pattern  across  a  10G  Ethernet  backbone,  ForcelO’s  E1200  again  achieved 
line-rate  throughput.  As  in  the  pure  10G  Ethernet  tests,  the  other  vendors 
were  hamstrung  by  the  8G  bit/sec  capacity  of  their  devices’  switch  fabrics. 

Aggregate  throughput  over  20  ports  frames  per  second,  in  millions)  »  64-byte  frames 


maximum 

Figure  4:  Gigabit  Ethernet  average  delay  and  jitter 


Delay  and  jitter  were  higher  in  the  backbone  tests,  an  expected  result  given 
two  chassis  and  two  interface  types  were  involved.  Even  so,  ForcelO’s  delay 
and  jitter  numbers  (and  Avaya’s  delay  with  large  frames)  were  relatively  high. 


Delay,  64-byte  Jitter,  64-byte  Delay,  256-  Jitter,  2564>yte  Delay,  1,518-  Jitter,  1,518- 


frames  frames  byte  frames  frames  byte  frames  byte  frames 

Note:  The  results  occurred  when  we  offered  a  10%  load.  Smaller  numbers  are  better. 


remaining  bandwidth  to  medium-priority 
traffic.  Given  our  configuration  it  was  pos¬ 
sible  to  forward  all  medium-priority  traf¬ 
fic  without  loss,  but  not  all  switches  actu¬ 
ally  did  so. 

Deciding  which  switch  did  the  best  job 
depends  on  which  of  these  four  rules  is 
most  important  (see  graphic  at  Doc- 
Finder:4130).If  never  dropping  a  high-pri¬ 
ority  frame  is  the  most  important  criteri¬ 
on,  then  Avaya’s  Cajun  came  out  on  top. 

Then  again,  if  coming  closest  to  meeting 
the  rules  for  all  traffic  classes  matters  most, 
then  ForcelO’s  E1200  wins  this  event. 
Though  it  did  drop  small  amounts  of  high- 
priority  traffic,  the  E1200  did  the  best  job  of 
the  desired  rates  for  all  three  traffic  classes. 

Results  for  Foundry  and  HP  were  a  bit 
puzzling.  While  both  vendors’ switches 
did  a  reasonable  job  in  handling  highl¬ 
and  medium-priority  traffic,  they  were  far 
too  severe  in  rate-controlling  low-priority 
traffic.  Engineers  from  both  companies 
said  the  switches  cannot  rate-limit  one 
class  while  simultaneously  enforcing 
drop  preferences  for  other  classes. 

The  good  news  for  all  vendors  is  that 
QoS  enforcement  across  a  10  Gigabit  back¬ 
bone  generally  works  better  than  it  does 
across  an  aggregated  link  consisting  of 
multiple  Gigabit  Ethernet  links.  Last  time, 
we  saw  vendors  drop  significant  amounts 
of  high-priority  traffic  and  got  the  ratios  all 
wrong  between  traffic  classes. 

It  would  be  a  stretch  to  say  the  first  gener¬ 
ation  of  10G  Ethernet  products  turned  in 
excellent  results.  For  most  switches,  8G  and 
not  10G  bit/sec  seems  to  be  the  limit. 
Where  line-rate  throughput  is  possible,  the 
cost  is  relatively  high  delay  and  jitter.  But 
for  whatever  problems  we  found,  the  new 
10  Gigabit  switches  offer  one  very  convinc¬ 
ing  advantage  over  previous  generations: 


They  get  beyond  the  gigabit  barrier  far  bet¬ 
ter  than  the  alternative,  link  aggregation. 
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How  we  did  it 


We  asked  vendors  to  supply  two  switch  chassis, 
up  to  four  10G  Ethernet  interfaces,  and  a  total 
of  24  Gigabit  Ethernet  interfaces.  We  assessed 
device  performance  in  terms  of  pure  10G  bit/sec 
throughput,  delay  and  jitter;  1G  bit/sec  throughput, 
delay  and  jitter  across  a  10  Gigabit  backbone;  failover 
times;  and  quality-of-service  enforcement. 

Our  primary  test  instrument  was  the  SmartBits  per¬ 
formance  analysis  system  from  Spirent  Communica¬ 
tions,  equipped  with  XLW-3720ATeraMetrics  10G 
Ethernet  cards  and  LAN-3311  TeraMetrics  Gigabit 
Ethernet  cards. 

For  the  10G  Ethernet  and  backbone  tests,  the  test 
traffic  consisted  of  64-,  256-,  and  1,518-byte  Ethernet 
frames.  The  duration  for  all  tests  was  60  seconds,  and 
the  time  stamp  resolution  of  the  SmartBits  was  plus 
or  minus  100  nanosec. 

In  the  10G  Ethernet  tests,  we  asked  vendors  to 
assign  a  different  IP  subnet  to  each  of  four  10G  inter¬ 
faces  in  one  chassis.  We  configured  the  SmartBits  to 
offer  traffic  from  510  virtual  hosts  per  interface  in  a 
’  .i,  meshed  pattern  (meaning  traffic  was  destined 
fc  ill  other  interfaces).  We  measured  throughput, 
a  age  delay  at  10%  load  and  jitter. 

the  backbone  tests,  we  asked  vendors  to  set  up 


two  chassis,  each  equipped  with  one  10G  Ethernet 
interface  and  10  edge  interfaces  using  Gigabit 
Ethernet.  Here  again,  we  asked  vendors  to  assign  a 
different  IP  subnet  to  each  edge  interface  and  we  con¬ 
figured  the  SmartBits  to  offer  traffic  from  510  virtual 
hosts  per  interface.  This  time,  we  offered  traffic  in  a 
partially  meshed  multiple-device  pattern;  as  defined  in 
RFC  2889,  that  means  the  traffic  we  offered  to  one 
chassis  was  destined  to  all  interfaces  on  the  other 
chassis  and  vice  versa.  Once  again,  the  metrics  were 
throughput,  average  delay  at  10%  load  and  jitter. 

In  the  failover  tests,  we  set  up  two  chassis,  each 
equipped  with  one  Gigabit  Ethernet  and  two  10G 
Ethernet  interfaces.  We  asked  vendors  to  configure 
Open  Shortest  Path  First  metrics  to  that  one  10G 
Ethernet  interface,  which  would  act  as  a  primary  route, 
and  one  would  function  as  a  secondary.  We  offered  64- 
byte  frames  to  one  Gigabit  Ethernet  interface  at  a  rate 
of  100,000  frames  per  second;  thus,  we  transmitted  one 
frame  every  10  microsec.  Approximately  10  seconds 
into  the  test,  we  physically  disconnected  the  primary 
link,  forcing  the  switch  to  reroute  traffic  onto  the  sec¬ 
ondary  path.  We  derived  failover  time  from  frame  loss. 

In  the  QoS  enforcement  tests,  we  set  up  two  chas¬ 
sis,  each  equipped  with  12  Gigabit  Ethernet  interfaces 


and  one  10G  Ethernet  backbone  interface.  Because 
we  offered  all  24  edge  interfaces  128-byte  frames  at 
line  rate  in  a  partially  meshed  pattern,  we  congested 
the  switches  by  a  12-to-10  ratio.  For  this  test  we 
offered  three  classes  of  traffic  in  a  1-to-7-to-4  ratio. 

We  asked  vendors  to  enforce  four  conditions.  First, 
they  would  have  to  mark  incoming  frames  using  speci¬ 
fied  Differentiated  Services  code  points,  something 
we  verified  by  capturing  and  decoding  traffic.  Second, 
of  the  three  traffic  classes  we  offered,  the  switches 
should  have  delivered  all  high-priority  traffic  without 
loss.  Third,  the  switches  should  have  limited  the  rate  of 
low-priority  traffic  so  that  it  would  not  consume  more 
than  2G  bit/sec  of  backbone  capacity.  Finally,  the 
switches  should  have  allocated  any  remaining  band¬ 
width  to  medium-priority  traffic. 

As  a  check  against  allocating  a  fixed  amount  of  band¬ 
width  to  high-priority  traffic,  we  reran  the  tests  with 
only  medium-  and  low-priority  traffic  present  in  a  9-to-3 
ratio.  Vendors  were  not  allowed  to  reconfigure  devices 
between  the  first  and  second  tests,  and  we  expected 
the  switches  to  allocate  bandwidth  previously  used  by 
high-priority  traffic  to  the  other  classes. 

A  more  detailed  version  of  the  test  methodology  is 
available  at  www.nwfusion.com,  DocFinder:  4125. 
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n “Star Trek: The  Next  Generation,” characters  in  the  24th  century  communicated 
by  tapping  a  badge  and  speaking  (“Picard  to  Engineering”).  Magically  the  badge 
would  contact  the  person  no  matter  where  they  were  on  the  ship.  Here  in  the  21st 
century  Vocera  has  introduced  a  wireless  LAN-based  interactive  voice  response  sys¬ 
tem  that  uses  lightweight  badges  similar  to  the  “Star  Trek”  system. 


The  Vocera  Badge  connects  via  an  installed  wireless  LAN  to  a  Vocera  server  and  is 
operated  largely  by  voice  command.  (As  an  option,  you  also  can  connect  to  analog 
phone  lines  by  connecting  Vocera  to  a  PBX,  Centrex  or  other  system.)  With  a  bit  of 
work,  these  no-hands  communicators  can  become  very  useful  where  wireless  LANs 
based  on  802.1  lb  deployments  are  working. 

Vocera  doesn’t  control  the  most  critical  component  of  the  system  —  the  802.1  lb 
infrastructure.  We  found  that  if  a  wireless  LAN  can  be  “killed”  or  has  “bare-spot  recep¬ 
tion,”  so  can  Vocera.  But  when  configured  correctly  Vocera  can  operate  during  very 
high  wireless  LAN  network  loads  without  losing  quality  or  functionality.  It  won’t 
replace  a  PBX  or  your  business  phone  system,  but  this  can  augment  and  “cut  the 
cables”  for  mobile  employees.  Companies  that  use  walkie-talkies  might  find  the 
Vocera  system  sleeker,  more  feature-filled  and  less  cumbersome. 

The  system 

Vocera  shipped  us  a  preconfigured  Dell  4500  server  with  Windows  2000  Advanced 
Server  installed.  Normally  we  prefer  testing  the  components  that  end  users/ 
deployment  personnel  would  use,  but  Vocera  ships  100%  of  its  server  systems 
through  value-added  resellers,  which  are  required  to  deploy  a  ready-to-run/config- 
ured  system. So  we  let  Vocera  ship  its  server  almost  completely  configured.  However, 
some  work  on  the  server  was  required  (see  How  we  did  it,  page  46). 

The  Vocera  server  includes  a  base  platform  (the  Dell  4500  in  our  case).  Win  2000 
Advanced  Server  (Win  2000  Professional  can  be  used  and  we  recommend  that), Vocera 


Net  Results 


Vocera  Communications  System  1.02 


^  Company.  Vocera,  (800)331-6356,  www.vocera.com  Cost:  Minimum 

j  i  configuration  is  75-user  system  with  25  badges  and  PBX  integration 
®  for  approximately  $40,000.  $350  per  badge  (includes  batteries, 
RATING  attachments).  User  licenses  available  in  preconfigured  sets  of 
75, 150,  300,  450,  600  users  and  up.  Pros:  High-fidelity  wireless  LAN  voice 
features,  using  WEP;  addictive  convenience.  Cons:  Weird  installation/setup; 
phone  badge  buttons  difficult  to  use;  doesn’t  use  directory  services  at  all. 
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Features  40% 


Management/administration  20% 


Ease  of  use  20% 


Installation  10% 


Documentation  10% 


TOTAL  SCORE 


Individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given 
each  category  in  determining  the  total  score.  B  Scoring  Key:  5:  Exceptional  showing  in  this 
category.  Defines  the  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room 
for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this 
category.  Product  was  neither  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked 
some  features  or  lower  performance  than  other  products  or  than  expected.  1:  Consistently  subpar, 
or  lacking  features  being  reviewed. 


software,  Nuance  voice-recognition  software  and  an  optional  multiport  Intel/Dialogic 
phone  board. The  total  Vocera  software  installation  took  about  10  minutes. 

The  badges  (we  received  four)  are  based  on  802. 1  lb  (other  802. 1 1  variants  are  not 
available)  and  initially  are  programmed  via  a  configuration  download  through  an 
access  point.The  access  point  requires  a  specific  IP  address  (in  a  specific  range)  to 
download  the  configuration.  Installation  is  more  difficult  than  it  needs  to  be. 
Whether  the  choice  is  static  or  dynamic  IP  address, each  badge  must  have  an  initial 
wireless  LAN  adaptation  setup  procedure.  This  ritual  is  oddly  cumbersome  as  all 
configuration  must  come  from  the  wireless  LAN  —  there  is  no  equivalent  to  a  cell 
phone  “base  station-to-PC”  connection  for  initial  configuration. 

After  some  additional  minor  glitches,  we  configured  the  badges  and  set  up  the 
group/user  database.  Vocera  cannot  read  an  Active  Directory  or  otherwise  use 
Lightweight  Directory  Access  Protocol  or  another  directory  service  to  import  user  or 
group  information  into  its  database.  Vocera  uses  the  MySQL  database  and 
Apache/Tomcat  Web  server  (which  requires  shutting  down  or  moving  Internet 
Information  Server’s  Web  service  ports  if  they  were  installed). 

A  genie  in  the  badge 

Next  was  configuring  how  the  voice  recognition  (humanized  in  voice  responses 
through  the  badge)  would  sound.  Male  or  female  voices  are  offered  —  we  chose  the 
male  voice,  but  in  retrospect  the  female  voice  was  easier  to  understand. 

The  Genie  application  is  analogous  to  an  older  voice-recognition-driven  application 
called  the  Wildfire  Assistant  from  Wildfire  Communications.  When  we  used  a  badge 
for  the  first  time,  we  pressed  the  call  button  on  the  badge,  and  the  male  voice  asked 
for  our  name.  We  spoke  our  name,  and  the  badge  repeated  the  name  back  to  us  — 
when  we  responded,  the  badge  became  registered  to  us. 

Pressing  the  call  button  let  us  locate  individuals  (and  groups)  and  bring  them  into 
the  conversation.  Controls  on  the  side  of  the  badge  are  used  to  check  messages  that 
can  be  stored  during  off-time,  although  Vocera  is  not  a  standard  voice  mail  server. 
There  is  a  Do  Not  Disturb  mode  that  users  can  select  —  voice  mail  also  kicks  in  when 
users  are  out  of  range  or  offline. 

The  optional  voice  board,  a  Dialogic  D120JCT-LS  12-port  board,  was  connected  to 
two  analog  trunks  (the  system  can  support  two  Dialogic  boards  for  a  total  of  24  con¬ 
current  ports).  We  successfully  used  Vocera  to  dial  internal  and  outside  extensions. 
Unfortunately  the  software  doesn’t  recognize  a  command  such  as  “Call  George”  and 
numbers  need  to  be  spoken.Vocera  does  remember  dialing  prefixes  for  outside  lines 
and  long-distance  prefixes. 

Testing  the  badges 

We  used  several  tests  to  discern  the  voice-recognition  quality  of  the  Vocera/Nuance 
combination.  High  ambient  background  noise  (such  as  82db/A  average  from  equip¬ 
ment  cooling  fans  in  our  network  operations  center)  made  voice  recognition  difficult; 
we  were  forced  to  repeat  our  selections  several  times  before  they  were  recognized.  In 
low  background-noise  areas  (ambient  noise  under  72db/A  average),  recognition  was 
nearly  flawless. 

When  the  badge  hangs  from  a  lanyard  that  is  worn  around  the  neck,  the  speaker 
faces  away  from  the  user.  Additionally  the  microphone  embedded  in  the  badge 
picks  up  lots  of  ambient  sounds  around  the  user.  Using  the  earphone/microphone 
combination  in  conjunction  with  the  badge  helped  the  system  recognize  voice 
immensely  and  also  kept  privacy  high.  Without  this  earphone/microphone  combi¬ 
nation,  communications  via  a  badge  are  fairly  public. 

We  also  subjected  the  system  to  a  variety  of  background  Ethernet  and  wireless 
LAN  data  traffic  to  see  how  it  affected  communications.  On  a  quiet  network, Vocera 
subjects  conversations  to  about  a  1-second  delay  between  speaker  and  listener.  We 
subjected  all  our  access  points  to  a  large  amount  of  traffic  using  either  a  4G-byte  FTP 
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file  transfer  or  with  our  Spirent  Communi¬ 
cations  traffic  generator,  and  could  cause 
outages  only  when  traffic  rose  to  denial-of- 
service  levels  —  effectively  jamming  all  the 
access  points  in  our  wireless  LAN. 

Vocera  supports  up  to  128-bit  Wired 
Equivalent  Privacy  encryption,  and  we 
couldn’t  tell  that  WEP  affected  traffic, 


throughput  or  signal  quality  The  badges 
worked  at  the  same  range  as  an  802.1  lb- 
equipped  notebook.  Similarly,  signal  dead 
zones  stopped  our  badges  from  working  in 
the  same  way  a  notebook  would  stop  work¬ 
ing.  Voice  latency  was  approximately  1  sec¬ 
ond,  and  we  could  adapt  to  this  slight  hesi¬ 
tation  quickly 


Conclusion 

The  Vocera  1.02  offering  has  a“one-dot- 
zero"  feel  to  it.  Offsetting  the  products 
youth  is  a  serious  “wow”  factor.  While  we 
couldn’t  test  a  large  density  of  badges 
under  stressful  circumstances,  the  basic 
Vocera  technology  could  survive  the 
stresses  of  modern  business  —  as  long  as 


the  underlying  wireless  LAN  transport  is 
stable.  The  youthfulness  and  buggy-ness 
might  be  best  described  as  Vocera s 
Captain  Kirk  stage. 

Henderson  is  principal  researcher  for  Ex- 
tremeLabs  of  Indianapolis.  He  can  be 
reached  at  thenderson@extremelabs.com. 


Complimentary  Event  for  Qualified  Attendees! 


TECHNOLOGY  TOUR 


ireless  LANs  offer  network  flexibility  and  end  user  mobility,  making  them  one  of  the  hottest 
technologies  today.  However,  IT  managers  have  the  tremendous  challenge  of  melding  them 
into  their  current  enterprise  framework  without  jeopardizing  network  security  and  disrupting 
the  end  user  experience.  Join  Network  World  for  our  exciting  one-day  event,  "Wireless  LANs: 
Building  and  Managing  a  Well-Integrated  802.11  Network."  Wireless  LAN  expert  Tom  Henderson 
joins  representatives  from  the  leading  wireless  companies  to  show  you  how  to  create  a  sound  wire¬ 
less  infrastructure  from  the  ground  up.  They  explore  best  practices  for  security  and  management, 
and  what  steps  to  take  to  offer  users  all  the  benefits  without  losing  control  of  the  network. 


JOIN  US  IN  A  CITY  NEAR  YOU! 


March  4  ►  Washington.  DC  ►  Grand  Hyatt 

March  6  ►  New  York,  NY  ►  Grand  Hyatt 

March  18  ►  Chicago,  IL  ►  Hyatt  Regency  0' Hare 

March  20  ►  Richardson,  TX  ►  Omni  Richardson 


Don't  miss  this  opportunity  to  get  your 
wireless  LAN  questions  answered! 


Learn  the  Latest  about  Wireless  LANs: 


□  Plotting  out  a  wireless  network  and  the  considerations  to 
take  when  doing  site  surveys 

□  Getting  a  handle  on  the  myriad  of  802.1 1  specs  —  their 
frequency  ranges  and  relevant  features 

□  Integrating  wireless  LAN  management  tools  with  existing 
network  management  tools 

■  Strategies  for  putting  voice  and  video  onto  wireless  LANs 
and  the  effects  on  network  performance 

□  Choosing  access  points,  software  and  clients  that  seamlessly 
meld  wireless  with  wired  networks 

□  Employing  intrusion  detection  and  prevention  systems  to 
create  a  secure  wireless  network 


REGISTER  NOW! 

Online  at  www.nwfusion.com/events/wlanreg2.jsp  or  call  800-643-4668 

To  sponsor  this  premier  Network  World  event  or  if  you  are  interested  in  on-site  training  for  your  company, 
contact  Andrea  D'Amato  at  508/490-6520  or  adamato@nww.com 
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■  How  we  did  it 


We  tested  the  Vocera  sys¬ 
tem  as  supplied  by  Vo¬ 
cera.  The  kit  included  four 
badges  (with  lanyards,  headsets, 
belt  clips  and  chargers),  a  Dell 
4500  server  (Windows  2000 
Server)  using  a  2-GHz  Intel  pro¬ 
cessor,  and  a  40G-byte  hard  disk 
with  internal  IEEE  100Base-TX 
network  card. 

However,  while  the  server  soft¬ 
ware  was  installed  with  Vocera 
components,  the  server  (running 
under  Windows  2000  Advanced 
Server)  arrived  without  any  ser¬ 
vice  packs  or  security  updates. 

After  platform  stabilization  we 
added  users,  groups  and  access 
point  location  aliases,  which 
became  objects  of  identification 
that  Vocera  used  to  locate  for 
conversations.  Additional  user 
setup  can  enable  comparatively 
sophisticated  ‘‘follow-me’’  call-for¬ 
warding  features. 

Two  test  beds  were  used:  a  pris¬ 
tine,  isolated  network  and  the  lab 
network,  The  pristine  network 
consisted  of  five  802.11b  access 
points  (one  from  Proxim/Orinoco, 
two  from  D-Link,  one  from  Intel 
and  one  from  Linksys)  in  a 
nonoverlapping  configuration  (to 
reduce  the  effects  of  co-channel 
interference).  We  then  connected 
this  network  to  the  lab  infrastruc¬ 
ture  and  two  phone  trunk  lines. 

We  walked  along  our  property 
doing  a  Verizon-style  test  (“Can 
you  hear  me  now?”)  through  an 
acre  one-floor  range.  We  noticed 
service  outages  (Vocera  has  a 
signal  strength  indicator  that  we 
verified  with  a  notebook  running 
an  Proxim/Orinoco  802.11b  card) 
that  occurred  where  wireless 
LAN  drop-off  normally  occurred. 

We  repeated  the  test  while  run¬ 
ning  batch  FTP  transfers  de¬ 
signed  to  clog  all  the  access 
points.  On  a  few  occasions  we 
noticed  conversational  dropouts, 
but  never  increased  time  lag. 
When  we  used  a  Spirent  traffic 
generator  to  clog  the  100Base-TX 
segment  connected  to  the  Vocera 
server,  we  had  uniform  conversa¬ 
tional  drop-offs  when  at  94%  uti¬ 
lization;  badge  units  reconnected 
without  user  intervention. 


VPN  outsourcing 

Firms  are  using  managed  services  to  circumvent  the  staffing  burden  of  maintaining  VPNs. 


SUSAN  WERNER 

II  If  a  dealer  can’t  order  parts  for  your 
Camry  because  the  VPN  is  down,  then 
you're  an  unhappy  Toyota  customer,  9  V 

Bill  Strickland 

National  technology  manager  for  IS  LAN/WAN  services,  Toyota  Motor  Sales,  USA 


■  BY  DENISE  PAPPALARDO 

For  most  companies,  moving  to  an  IP-based 
VPN  to  enjoy  savings  and  flexibility  is  an 
easy  decision.  But  it’s  not  a  cinch  to  man¬ 
age  a  secure  network.  VPN  deployment, 
monitoring  and  maintenance  can  be  com¬ 
plex  chores  that  strain  IT  departments. 

At  first,  most  network  executives  attempt  to  manage 
their  VPNs  in-house.  But  more  are  looking  for  help  from 
third-party  experts.  According  to  a  recent  study  from 
IDC,  75%  of  400  WAN  managers  surveyed  said  they  man¬ 
age  VPNs  in-house.  Still,  12%  of  respondents  completely 
outsource  their  VPNs,  while  11%  jointly  manage  their 
VPN  along  with  a  third  party 

Some  companies  that  have  made  the  outsourcing 
plunge  are  keeping  the  size  of  their  IT  departments  in 
check  and  are  better  utilizing  their  workers’ skills. 

Before  switching  to  a  fully  managed  VPN  with  World¬ 
Com  in  2000, Toyota  Motor  Sales,  USA  used  a  legacy 
19.2K  bit/sec  dial-up  network  to  connect  AS/400  sys¬ 
tems  at  dealer  sites  to  a  mainframe  at  the  data  center  in 
Torrance,  Calif. 

Although  the  system  worked,  it  was  antiquated,  says 
Bill  Strickland,  national  technology  manager  for  IS 
LAN/WAN  services  at  Toyota.  After  the  company  decid¬ 
ed  to  use  more  Web  applications, Toyota  chose  an  out¬ 
sourced  VPN  primarily  because  it  was  more  cost-effec¬ 
tive  and  better  suited  for  the  future. 

“We  have  a  group  of  1,100  Toyota  and  Lexus  dealers 
that  communicate  with  the  factory  to  order  cars,  parts, 
do  warranty  claims  and  vehicle  financing,”  he  says. 

The  old  dial-up  network  required  only  one  person  to 
support  it,  but  Strickland  estimates  he  would  need 
between  eight  and  10  full-time  network  engineers  to 
support  a  VPN  in-house. “This  type  of  network  environ¬ 
ment  requires  more  care  because  people  in  car  dealer¬ 
ships  don't  really  know  all  about  IP  or  the  impact  of  a 
circuit  going  to  Toyota,"  he  says. 

Toyota  hired  four  people  to  manage  the  outsourced 
relationship,  but  those  employees  primarily  address 

More  online! 

Find  out  what  to  look  for  when  you're 
shopping  for  a  managed  VPN  service. 

You'!  have  to  dig  deep  to  find  out  exactly 
what  service  providers  are  offering. 
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dealer  issues  with  accessing  the  manufacturer’s  portal 
site  or  basic  connectivity  questions.  While  devoting  four 
engineers  to  manage  an  outsourced  relationship  might 
seem  excessive,  Strickland  says  he  took  this  “high-touch” 
approach  because  the  dealers  who  access  the  VPN  are 
typically  not  IT-sawy 

Another  reason  he  put  the  four  engineers  on  the  job  is 
because  it’s  in  Toyota’s  best  interest  from  a  customer 
service  perspective.“If  a  dealer  can’t  order  parts  for  your 
Camry  because  the  VPN  is  down,  then  you’re  an  unhap¬ 
py  Toyota  customer’’  he  says. 

The  additional  staff  needed  to  support  the  VPN  inter¬ 
nally  would  have  cost  significantly  more  than  outsourc¬ 


ing,  Strickland  says.  Network  administrators  earn 
between  $45,500  and  $65,750  per  year,  according  to  IT 
staffing  firm  Robert  Half  Technology,  while  VPN  or  net¬ 
work  security  administrators  typically  command 
between  $62,500  and  $88,250.  Based  on  these  figures, 
Toyota  is  saving  at  least  $182,000  to  $273,000  per  year 
by  not  hiring  four  to  six  more  network  engineers  to 
manage  the  VPN. 

instead, Toyota  was  able  to  add  four  Web  application 
developers  for  the  IS  department. This  has  helped  grow 
the  portal  site,  which  hosts  125  applications  and  is  a 
critical  means  of  communication  between  Toyota  and 
its  dealers,  Strickland  says.B 


hen  things  go  wrong... 


your  server 


and  network 


with  Cyclades 


...ensure  the 
availability  of 


The  AlterPath“ACS  family  of  Advanced  Console  Servers  provides 
IT  professionals  a  universal  gateway  for  server  and  network 
management.  Now  you  can  manage  your  data  center  with  the 
tools  you  need  for  those  unplanned  downtimes  -  anywhere,  anytime. 
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Applications: 

Server  and  Network  Management 


Featuring  two  PCMCIA  slots  for  enhanced  functionality,  the 
AlterPath“ACS  supports  many  PC  cards,  including  Ethernet, 
modem  (V.90,  ISDN  and  GSM)  and  wireless  LAN.  The  dual  power 
supply  provides  extra  reliability  to  the  console  server,  ensuring 
availability  during  critical  times. 


Industrial  /  Commercial  Automation 
Ethernet-attached  Serial  Board  Replacement 

Security' (  ,  IP  Filtering,  RADIUS  ) 

Redundancy  (dual  power  supply) 


The  AlterPath'"ACS  provides  IT  managers  and  system  administrators 
an  alternative  access  path  to  the  data  center,  allowing  higher 
network  uptime. 


Flexibility  to  support  existing  and 
future  interface  types  (PCMCIA  support) 
Flexibility  and  rock-solid  stability  (Linux  Inside) 
Rack  space  savings  (1  U  form  factor) 


Network  monitoring  (Off-line  data  buffering) 


3||EGet  your  FREE  "Guide  to  Console  Management"  booklet  at  www.cyclades.com/cas.pdt 


Best  Hardware  for 
Linux' since  1995" 


www.cyclades.com/nw 

sales@cyclades.com 
1.888. CYCLADES 


cyclades 


Everywhere  with  Linux 


‘  2003  Cydodes  Corporation.  All  rights  restored.  All  other  trademarks  and  product  imoges  are  property  o(  their  respective  owners  Product  information  subject  to  change  without  notice. 


Remote  Console  Management  Solutions 


Mk, 


Access  Serial  Console  Ports...  from  An 


OUT-OF-BAND  +  TELNET 


■  Multi-Session  Telnet 

■  8, 16  or  32  Port  Models 

■  Non-Connect  Port  Buffering 

■  AC  and  -48VDC  Power  Options 


OUT-OF-BAND  +  MODEM 


■  Internal  33.6  Kbps  Modem 

■  Seven  DB-9  Serial  Ports 

■  Any-to-Any  Port  Switching 

■  Co-Location  Password  Features 


OUT-OF-BAND 


■  4,  8  or  16  Port  Models 

■  Port  Specific  Passwords 

■  Safe  “Break”  Features 

■  Datarate/Flow  Control  Conversion 


WTI's  family  of  remote  site  management  products  allows  network  administrators  to  manage  network  elements  located  anywhere.  WTI  designs  and  manufactures  in- 
band  and  out-of-band  console  and  terminal  switches,  remote  reboot  and  power  management  solutions,  rack  mounted  modems  and  automated  A/B  Fallback  Switches.^ 


www.wti.com 


Features  included  in  all  Console  Switches 

(800)  854-7226 
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Keeping  the  Net.. .Working! 


CONTROL  KEYBOARD,  VIDEO  AND  MOUSE  REGARD!  , ESS  OF  LOCATION 

With  the  Kaveman  networking  device,  you  can  remotely  control  servers,  either  over 
the  Internet  or  a  local  network,  down  to  the  BIOS  level. 

ACCESS  SERVERS  USING  A  WEB  BROWSER  OR  VNC 

All  you  need  to  operate  Kaveman  is  a  web  browser  or  VNC  on  the  remote  client.  No 
additional  software  is  required.  And  no  software/users  licenses  help  keep  your  costs 
down. 


H  &  u  e  m  &  n 

COMPLETE  KVM  CONTROL  VIA  TCP/IP 


REMOTELY  CONTROL  POWffi 

Through  the  user-friendly  Kaveman  GUI,  you  can  control  the  power  of  up  to  eight 
devices. 

AUTOMATICALLY  MONITOR  SB3VB3  ACTIVITY 

Kaveman  automatically  monitors  critical  server  vitals  such  as  power,  video,  and 
keyboard  response;  it  alerts  you  to  crashes  and  enables  you  to  quickly  respond  to 
problems. 


The  Engine  of  Innovation 


Available  in  single  and  eight  channel  versions  www.digitalv6.com  Resellers  and  Distributors  welcome 


The  Hub  of  the  Network  Buy 


-  '  ^  '  Mapage~1000’s16f  computers .  via 
^  ^Ethernet  or  dial-up  from  ANYWHERE 


UltraLink 


■  Connects  to  standalone  computers  or  any  KVM  switch 

■  High  quality  16-bit  video  at  up  to  1280x1024  resolution 

■  Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

■  Encrypted  communication  produces  highly  secure  operation 

■  Scaling  and  scrolling  features  for  maximum  flexibility 

■  Single  mouse  cursor  simplifies  user  interface 

■  See  four  servers  from  one  screen  with  quad  screen  mode 

■  Lifetime  free  flash  upgrades 
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UltraLink  sets  a  new  standard  in  remote  management  of  server  room 
environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your 
computers,  it  deploys  easily  and  works  on  any  operating  system,  such 
as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 

The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 

Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 

Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


WWW.ROSE.COM 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  TX  77099 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44(0)  1264  850574 
+617  3427  5353 


ELECTRONICS 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


iserver 


Expert  Observer 

Observer  Suite 

*2895  * 3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 
Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  *44  (0)  1959  569880  •  Fax  *44  (0)  1959  569881 


NETWORK 

INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments"  and  the  “N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments.  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 
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WIRELESS  NETWORKING 


www.  wa  ve  wireless.com 

800-721 -WAVE  (9283) -941 -907-2300  •  FAX  941-355-0219 
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Taught  on  your  own  computer  -  In  your  own  time- 
By  the  most  qualified  instructors.  Also  includes 
full  educational  support,  and  our  exclusive  No  Pass 
No  Pay  Guarantee! 


Visit  us  at  www.microsnap.com 
Or  call  now  at  888-979-3300 

v^lllieroSnop 

Home  of  the  No  Pass  No  Pay  Guarantee 


FREE!  Online  University. 

With  purchase  of  MCSE,  MCSA  or  MCDBA 

Over  100  Courses  Including: 

MCSE  MCDBA  MCSA  A-f  Net-l-  Cisco  Security-l-  Win  XP 
Visual  Basic  C++  i-Net+  Linux+  Server+  Fox  Pro 
Macromedia  Adobe  MS  Office  2000/XP  and  many  more... 

*May  not  be  combined  with  any  other  offer 


"Word  on  the  street  is  that  MicroSnap  has  one  of  the  BEST 
computer-based  training  courses  ON  THE  MARKET"... 

...Certification  Magazine 

Some  of  our  satisfied  clients  include: 

Dell  Computer,  CBS  Network,  The  Walt  Disney  Company, 
Microsoft,  The  U.S.  Navy,  Federal  Bureau  of  Investigation, 
General  Electric,  Public  and  Private  Schools,  State  Vocational 
Rehabilitation  Departments  and  Thousands  of  Individuals.... 


Verify  Amps  Used  per  Circuit 
with  Sentry  Input  Current  Monitor 

•  Precisely  measure  the  current,  in  amps, 
for  each  power  circuit 

•  Prevent  overloads  on  existins  power  circuits 

•  Reduce  costs  for  additional  power  circuits 

•  Overcurrent  alarms 

•  Remote  Measurement  via  IP  or  RS-232 

•  Local  Measurement  via  digital  display 


Sentry  Power  Tower.  Equipment  Cabinet  Solutions 


Server  Technology,  Inc 


1040  Sandhill  Drive  Reno,  Nevada  8951 1  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 


Instantly  Search  Gigabytes  of  Text 


dtSearch* 


The  Smart  Choice  for 
Text  Retrieval ®  since  1991 
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Spider 


$2 

-T  "Industrial-strength  I 

V  superb'-* 

Network 

Search  the  many 
forms  of  data  that 
exist  across  a  large 
enterprise  network 

♦  from  $800 


Spider  and  search 
Web  sites  ♦  included 
with  all  products 


"Superb  ...  a  multitude  of  high-end  features"  —  PC  Magazine 

"A  powerful  text  mining  engine  ...  effective  because  of 
the  level  of  intelligence  It  displays"  —  PC  Al 

"Very  powerful  ...  a  staggering  number  of  ways 

to  search"  —  Windows  Magazine 

"Impressive"  —  PC  Magazine  Online 

"A  tremendously  powerful  and  capable 
text  search  engine" —  Visual  Developer 

"Intuitive  and  austere  ...  a 
superb  search  tool"  —  PC  World 

Fast,  precision  searching 

♦  over  two  dozen  text  search 
options 

♦  indexed,  unindexed,  fielded 
and  full-text  searching 

Organization-wide  reach 

♦  highlights  hits  in  HTML  and  PDF 
while  keeping  embedded  links 
and  images  intact 

♦  converts  other  file  types  —  word 
processor,  database,  spreadsheet, 
email,  ZIP,  XML,  Unicode,  etc.  — 
to  HTML  for  display  with 
highlighted  hits 

1-800-IT-FINDS 
www.  dtsearch.  com 

sales@dtsearch.com 


Desktop 

Find  anything, 
anywhere, 
instantly  ♦  $199 


Publish 


'industrial-strength..  I 

v  |  superb- -KMaqazm.J 

Web 

Add  instant 
searching  to  your 
site  ♦  $999  per  server 


Publish  a  searchable 
database  to  CD,  DVD 

♦  from  $2,500 


Text  Retrieval 
Engine 

Add  power 
searching  to 
a  product 

♦  extensive 
sample  source 
code  in  multiple 
programming 
languages 

♦  from  $ 999 


Stop  by  www.dtsearch.com 
for  30-day  evaluation  versions 


TM 


AppDancer/  FA 

Network  Flow  Analyzer 

•  An  Easy-To-Use  Network  Viewing  Tool 

•  Email  •  Database  *VoIP  •Web 

•  Identifies  Problems  Causing  Slow  Downs 

•  Monitors  Applications,  Network  Devices, 
and  Network  Traffic 

•  Affordable  I  k  I  T 


free  Download! 

[^.AppDancercom 


BEST  OF  INTEROP 
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Call  Toll  Free 
800.825.7563 

A 


AppDancer  Networks,  Inc. 

1 000  Holcomb  Woods  Parkway 
Suite  426 

Roswell,  GA  30076-2585  USA 

email  info@AppDancer.com 

telephone  770.643.6800  USA 
web  www.AppDancer.com 
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Contact  these  companies  today  to  help  you  with  your  training  needs! 


I  Boson  Training 

i  1 CBT  Nuggets,  Inc, 

I  (813)  925-0700 

1  (541)  284-5522 

1  www.bosontraining.com 

!  1  www.cbtnuggets.com 

1 CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 

|  1  IT  Certification  Videos 

|  wireless,  CISSP _ 

1 WKMN  Training 

l  1  Transcender  j 

I  (415)  586-1713 

j  I  (615)  726-8779  | 

I  www.wkmn.com/wireless 

j 1  www.transcender.com  ! 

1  Comprehensive  introduction  to 

1 1  Award-winning  practice  exams  ] 

I  wireless  networking. 

1 1  for  IT  certification 

George  Washington  Univ 

(202)  973-1175 
I  www.cpd.gwu.edu 
|  Oracle  MCSE  Network  Security 
UNIX/LINUX  1-Net  VB.Net  XML 
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NetSmart  Learning  Partner 


NetworkWorld's  .. 

Marketplace 


The  Hub  of  the  Network  Buy 


WabiniBSBn.  and  leaSfe 

new  and  refurbished  networking  equipment, 
with  the  best  value  and  service  anywhere. 


We  Buy  &  Sell 

USED 

CISCO 

Juniper 

Extreme 

800.451.3407 

Since  1985 

50-90%  Savings 
Fully  Guaranteed 
Overnight  Delivery 

networkhardware.com 


Make  the  Smart  Choice, 
Treat  the  Experts  ~ 

^Continental 

Computers 


order  now:  310-416-1200 

or  visit 

www.ContiComp.com 


We  Specialize  In... 

Cisco  Systems 


Authorized 
Reseller 

Thsss  logos  are  a  trademark  of  thetr  respective  oompames  and  services. 


toll  free  800  879  8795 
ph:  + 1  402  575  3000 
fax: -hi  402  575  2011 


OptimumDatalnc. 

www.optimumdotg.com 


Extreme  Networks 


ADTRAN  •  Sun 


J£ 


components 

■■  1  *  Initwork  hardware 


IT  Hardware  for  Less 


New  Overstock 

Open  Boi 
Pre-Owned 
Discontinued 


WE  BUY  USED  CISCO 
&  SURPLUS  EQUIPMENT 


MBE  Certified  •  Woman  Owned 

1 1904  South  la  Genega  Blvd,  Hawthorne,  CA  90250 
Tel  310  643.6021  •  Fax  310  643.6041  •  www.jwom.com 


Smartronix 
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PDA  Based! 


Network 
Test  Tool 

s699 

10/100  Ethernet  LAN  Tester 


Design  Engineers: 

Evaluate  &  test  new 
equipment  under 
development 
Network  Engineers: 

Determine  faulty 
NIC  cards,  wiring,  & 
network  equipment 


(FREE  Palm  ml05 
included) 


►  Displays  network  utilization,  packets 
8i  statistics 

►  Captures  &  generates  various  error 
packets 

►  Network  load  testing  function 

►  Full  auto  negotiation  &  DHCP  ready 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


COMPLETE 

Catse  Kit 


EACH  KIT  INCLUDES: 

i-ioooft  Box  of  Catse  Cable 
100-RJ-45  Connectors 
i-Crimper  Tool 
i-Cable  Tester 


•  In  Stock  &  Ready  to  Ship 

•  No  Freight  Upcharges 

•  No  Handling  Fees 

•  i  Year  Warranty 

•  $ 100  minimum  order 

760-639-4500  www.evertek.com 
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See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  goods. 

Gifts  Pens.  Clocks. 

Lighters.  Games 

www.suitcase.com 


For  More  inforMa+ion 
on  advertising  in 
^e+worfc  Worths  Marketplace 
con+act;  Br)ko  Gufcale* 
800-^11-1108  ext. 
e.?  <ibaIe0nww.coM 


■  ■  ■  ■  $499 


$959 

Versa  Tables 
Factory  Direct  Prices 
Lifetime  Warranty  made  In  USA 
310-B73-0384  www.v»r«adlrect.com 


FIBEROPTIC 

SOLUTIONS 


•  Tl/El  &T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Tvvinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arenet/Elhemet-'Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO-9001 

slTECH 

Toll  FrceS66-SITcch-l 
630-761-3640,  Fax  630-761-3644 
H-ww.silcch-bitdrivcf.com 
www.saechriber.coa 


Overnight  Delivery 
90-day  Guarantee 
Free  Tech  Support 


FREE  Gift 
With  Every 
Purchase 


We  Buy  &  Sell 

Cisco 


1-800-861-3797 


Specials  of  the  week: 

Cisco  2611 

$750 

Cisco  PA-MC-2T1 

$550 

Cisco  WS-C2916M-XL-EN 

$295 

CALL  US  FOR  FREE  QUOTE!! 


OvernlghtNetworks,  Anaheim,  CA  92840 


For  more  information  on  advertising 
in  the  Marketplace, 

STOP  everything,  and  call  now! 
800-622-1108  ext.646 5 


up 1 

Increase  Your 
Exposure  with 

NetwoitWorld 
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* 

Response  Cards 

■ 

For  more  information, 
please  contact  Enku  Gubaie 
800.622.1108  or 
egubaie@nww.com 
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S/W  Engineers  to  lead  teams  to 
analyze,  design,  develop,  test 
and  implement  Software  Appls 
using  Oracle  RDBMS,  Oracle 
Financial  ERP  Appls,  PL/SQL, 
XML,  Perl,  Pro'C,  C++.  Unix 
Shell  Scripting  and  Object 
Oriented  Techniques  on  Sun 
Solaris,  Unix  and  Windows  OS; 
perform  database  admin  and 
tuning;  interact  with  clients  for 
req  analysis  and  feasibility 
study;  evaluate  team  members 
&  train  end  users.Require:  MS 
or  foreign  equiv  in  CS/Engg  (any 
branch)  with  3  yrs  exp  or  BS  in 
Finance/Business  or  foreign 
equiv  in  any  of  the  above  field 
with  5  yrs  relevant  progressive 
exp.  F7T.  High  Salary.  Travel 
Involved.  Resume  to:  HR, 
Fourth  Technologies,  Inc.,  1108 
N  Bethlehem  Pike,  Suite  8. 
Lower  Gwynedd,  PA  19002. 


IT  ARCHITECTURE  PRO¬ 
JECT  MANAGER  -  Direct  & 
coord.  IT  projects  w /  fin.  ind. 
clients,  mainly  German 
banks,  Req'd:  Fin.  MBA  &  4 
yrs.  exp.  in  job  or  Soft. 
Development  job  w/in  fin.  ind. 
Fluency  in  Germany;  ext.  exp. 
w /  IT  projs.  &  BA  in  CS  or  rel'd 
field.  Exp.  w /  Kondor+, 
Oracle,  Sybase,  ACBS,  & 
SQL.  Send  resumes  to 
Levada  Consulting,  Inc.  303 
South  Brdwy,  Ste.  100, 
Tarrytown,  NY  10591.  Attn: 
M.  Holzmann. 


Software  Developer 
Full-time  position  in  Wheaton. 
IL.  In  this  position  you  will  deliv¬ 
er  quality  code  in  a  collaborative 
environment,  as  well  as  docu¬ 
ment  and  communicate  techni¬ 
cal  and  architecture  information 
as  needed.  Required:  Master’s 
degree  in  Engineering,  Computer 
Science  or  related  field;  1  +  year 
of  experience  in  developing  N- 
tier  DNA  application  using  ASP, 
VB.COM,  DCOM.  SQL,  server, 
javascript,  remote  scripting;  6+ 
months  experience  in  develop¬ 
ing  in  Web  Farm  Environment; 
and  6+  months  of  development 
experience  in  ASP.net,  VB.net, 
XML,  XSL  and  Xpath.  Contact 
miwinski@warrantycheck.com. 


IP  Support  Engineer  wanted 
at  our  location  in  Nutley,  NJ  to 
support  technical  issues  for 
scheduled  daily  Network 
Migration  for  Reuters  Product 
and  Instinet.  Bachelor's  de¬ 
gree  in  Telecommunications 
or  a  related  field  and  at  least  2 
years  of  experience  in  Tele¬ 
communications  required.  Ex¬ 
perience  must  include  TCP/IP 
and  Cisco.  Must  speak 
Cantonese.  Please  e-mail 
resumes  to  Rebecca. gusta 
mente@radianz.com  (sub¬ 
ject:  Code  0312). 


Software  Engineer 

Design,  develop  &  maintain  soft¬ 
ware  for  weather  analysis  system. 
Build  communication  system  with 
weather  sensors  &  radar  data  cen¬ 
ter  Research  &  develop  visualiza¬ 
tion  rendering  system  for  weather 
data  M  S  in  CS  or  rel  &  6  mos. 
exp  in  above  pos  or  rel.  w/abil  to 
use  C/C++,  VC++,  Win32,  2D/3D 
computer  graphics,  Image  pro¬ 
cessing.  GIS,  Oracle,  SQL.  HTML, 
multiport  senal  I/O  communication 
protocols  40.0  hr/wk.  9-5  Send 
resume  to:  Mr.  John  W.  Wessinger. 
Chief  Operating  Officer.  Baron 
Services,  Inc  .  4930  Research  Dr., 
Huntsville,  AL  35805 


Consulting  Svcs.  Engr.  Atlanta. 
GA.  Mult,  openings.  Consult  w/ 
clients  &  potential  clients  on 
transportation  resources  & 
needs  Design  &  impl.  strate¬ 
gies  for  more  efficient  use  of 
client  resources,  using  company 
transp.  planning  technologies. 
Document  client's  transp. 
reqmts.  &  propose  solutions. 
Apply  company  techs,  to  enable 
planning  sys.  integration  w / 
existing  client  sys.,  impl.  client- 
specific  software  code  & 
processes.  Req.:  MS  in  Indus. 
Eng.  Working  knowledge  (acad¬ 
emic  coursework  or  exp.)  of 
Visual  Basic,  Java,  C++,  SQL  & 
NT  Server;  logistical  analysis  to 
improve  efficiency;  &  supply 
chain  principles.  Pass  mandato¬ 
ry  proficiency  test.  R6sum6: 
Velant,  Inc.,  Attn:  Recruiting, 
900  Circle  75  Pkwy„  Ste.  300, 
Atlanta,  GA  30339. 


Software  Engineer  II  (2  open¬ 
ings):  Develop,  integrate  and 
customize  software  components 
into  wireless  products.  Work  w/ 
GSM/GPRS  Protocol  stack 
development  and  prototype 
hardware;  source  3rd  party  soft¬ 
ware  and  internally  develop  soft¬ 
ware  components  using  C/C++, 
Real-time  O.S.,  Unix.  Also 
debug  both  software  and  hard¬ 
ware.  Req.  Bachelor's  in  C.S., 
E.E.  or  related  field  +  a  min.  of  2 
yr  exp.  in  job  offered.  Resume  to 
HR,  Matsushita  Mobile 
Communications  Development 
Co,  1225  Northbrook  Pkwy, 
Suwanee,  GA  30024 


Sr.  Programming  Analyst 
(multiple  positions).  Design 
customized  techn  appl  pro¬ 
grams.  Install  &  config  pro¬ 
gram  prod.  Determine  tech 
infrastructure  &  comm.  Req. 
Test  appl.  Analyze,  design  & 
develop  app.  Interfaces  using 
IBM  AS400,  RPGLE,  C/400  & 
Java/400.  Req.  BS  in  Comp. 
Sci.,  Comp  Eng.  Or  Elect. 
Eng.  And  5  yrs  exp  as  Pro¬ 
grammer.  40  hr/wk.  Job/inter¬ 
view  site:  Irvine,  CA.  Send 
resume  to  SVI  Solutions, 
5607  Palmer  Way,  Carlsbad, 
CA  92008. 


Database  Administrator, 
Electronics  Distribution  Co. 
Minimum  6  years  exp. 
Design,  program,  and 
implement  database  appli¬ 
cations.  Provide  database 
systems  administration, 
including  managing  users, 
defining  user  security  poli¬ 
cies,  and  disaster  recovery. 
40  hrs/wk,  9AM-5PM. 
Competitive  salary.  Send 
resume  to:  Whale 

Enterprise,  5730  Oakbrook 
Pkwy.,  Ste  175,  Norcross, 
GA,  30093. 


Software  Engineer  -  Min  2 
yrs  exp  Duties  include: 
analysis,  design  &  develop¬ 
ment  of  commercial  applica¬ 
tions  including  data  model¬ 
ing  &  database  design  using 
COLD  FUSION,  ASP,  COM, 
MFC,  VC++,  Verity  Search 
Engine,  NetGenesis,  Java, 
EJB  and  Oracle  database. 
Must  have  Master's  degree 
in  Comp  Sci,  Comp  Engg  or 
Elec  Engg.  Send  resume  to: 
Netage  Consulting.  Inc,,  810 
Eisenhower  Blvd,  Suite  21, 
Middletown,  PA  17057. 


Business  &  Information  Systems 
Administrator.  Administer  and 
manage  company  information 
structure.  Perform  all  IS  related 
functions.  Support,  maintain, 
and  enhance  current  JD 
Edwards  ERP  system  to 
achieve  business  strategies  and 
objectives.  Create,  maintain, 
and  distribute  business  reports 
from  ERP  system.  Design  and 
maintain  company  custom  soft¬ 
ware.  Oversee  and  perform  all 
IT  related  functions.  Position  is 
located  in  York,  Nebraska.  B  S. 
degree  req'd  (or  equiv.  educa¬ 
tion  or  experience)  w/  major  in 
Comp.  Sci.  or  related  field.  2  yrs 
of  experience  req'd.  Must  have 
proof  of  legal  authority  to  work  in 
the  United  States.  Send  resume 
to  Joe  Kardos,  15159  Andrew 
Jackson  Hwy  76  West,  Fair 
Bluff,  NC,  28439.  This  adver¬ 
tisement  is  paid  for  by  the 
employer. 


Asst.  Data  Analyst.  Asst. 
Data  Analyst  in  analyzing 
req.,  proc.  &  prob.  to 
design,  develop  &  test 
SA/V  app.  to  process  or 
improve  existing  comp. 
Sys.  Req:  BS  in  Comp. 
Sci.  or  Info.  Sys.  40 
hr/wk.  Job/Interview  Site: 
Lawndale,  CA,  Send 
resume  to  Globiwest 
Mgmt.  Consultants,  Inc., 
14814  Hawthorne  Blvd., 
Lawndale,  CA  90260. 


Software  Engineer,  Medical  Appli¬ 
cations.  Design,  develop  and  test 
software  for  radiation  treatment 
planning  systems  including  proto¬ 
type  development,  Client-Server 
model  development,  algorithm  im¬ 
plementation,  and  extensive  valida¬ 
tion  testing  in  conformance  with 
FDA  requirements  utilizing  Motif,  C 
(including  pointer  memory  manage¬ 
ment),  C++  and  UNIX  shell  scripts. 
Requires  BS  in  Computer  Science, 
Engineering,  Physics  or  related 
field.  Must  be  presently  eligible  for 
permanent  employment  in  the  U.S. 
Send  resume  to  Human  Resour¬ 
ces,  Attn:  JFB,  Computerized 
Medical  Systems,  1195  Corporate 
Lake  Dr..  St.  Louis,  MO  63122 


Engineers  needed  in  Santa 
Clara,  CA  to  develop  lab 
automation  applications  soft¬ 
ware  using  graphical  pro¬ 
gramming  and  object  oriented 
programming  languages.  Use 
ASP,  Java  Script,  JSP  for  web 
based  applications.  Must 
have  a  Bachelor's  degree  in 
Electrical  Eng  and  1  1/2  yrs. 
exp.  in  job  offered  performing 
duties  listed  above.  E-mail 
resumes  to  ruth.hale@vi- 
tech.com  at  VI  Technology. 
Put  code  ENG  on  the  resume. 


S/W  Engineers  to  analyze, 
design,  develop  client  server 
appls  with  OO  methodology 
using  Java,  C,  C++,  VC++, 
J2EE,  XML,  UML,  JavaScript, 
COM,  CORBA,  etc.  on  Weblogic, 
IIS  under  Windows,  UNIX,  DOS 
OS;  interact  with  clients  &  ana¬ 
lyze  user  needs;  customize  soft¬ 
ware  for  client  use  to  optimize 
operational  efficiency;  assist  in 
quality  assurance.  Require  MS 
or  foreign  equiv.  in  CS/Engg  (any 
branch)  and  1  yr  exp  in  IT.  High 
salary.  Travel  required.  Send 
Resumes  to:  HR,  Opal  Soft,  Inc. 
3150  Almaden  Expwy  Ste  205, 
San  Jose,  CA  95118 
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NET2S  is  a  leading  International 
Consulting  and  Engineering  firm 
specializing  in  communications 
technologies.  We  are  presently 
seeking  to  fill  the  following  posi¬ 
tions: 

Business  Analyst  (NYC) 

Develop  and  implement  marketing 
strategies.  Manage  sales  life  cycle 
including  client  presentations  and 
negotiations.  Oversee  project 
management  including  deploy¬ 
ment  and  roll  out.  Co-manage  pro¬ 
ject  center. 

Must  possess  excellent  communi¬ 
cation  skills  as  well.AII  positions 
require  BS/MS  degree  with  a  min¬ 
imum  of  2  to  3  years  of  experience 
in  the  field.  Must  possess  excel¬ 
lent  communication  skills  as  well. 
NET2S,  82  Wall  Street  Suite  400, 
New  York,  NY  10005;  Fax:  (212) 
279-  1960;  Phone  (212)  279-6565; 
or  Email:  iobus-nvia)net2s.com 


Data  base  analyst. 

Full  time,  competitive  salary 
offered.  Requires  bachelor 
degree  in  computer  science 
and  2  yrs  experience  in  job  of 
software  or  programmer  ana¬ 
lyst.  Experience  to  include  use 
of  visual  basic  v,  C++,  Msacess 
and  SQL  server.  Must  have 
proof  of  legal  authority  to  work 
permanently  in  the  U.S.  no 
phone  calls.  Interested  appli¬ 
cants  should  send  resume  to 
Nick  Shah,  Chem  -  Impex  Int 
Inc,  935  north  dillon  wood, 
dale,  IL  60191. 


It’s  Fast. 

It’s  Huge. 

It  Crosses 
Worlds  & 
Dimensions. 

IT  CAREERS 


Helping  You 
Get  One. 


Better 

Job  At 


Become  a  ITlicrosoft  Windows  2000  Security  Expert. 

It's  easy.  Just  point,  click  and  choose  the  format  that  works  best  for  you: 
•CD-ROm  •Uleb-Based  •Hands-On  •Uirtual  Classroom 

Uisit  lletSmart  today  at  www.nwnetsmart.com 
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Libsys.  Inc.  a  fast  growing  software 
Development  Company  Is  looking 
for 

Computer  Consultants: 

Should  have  a  bachelor's  degree  in 
computer  science/related  field  with 
2  years  experience  in  5  of  the  fol¬ 
lowing:  Oracle  Java.  J2EE,  HTML, 
Java  Script.  EJB,  XDI.  Web  Server, 
Magic.  TCP/IP.  Oracle.  XML. 
DB2.0S/MF/COBOL,  VB.  Tera- 
data,  Crystal  reports 

We  accept  foreign  education 
equivalent  of  the  degree,  or  the 
degree  equivalent  in  education 
and  experience. 

Send  Resume  to  SIVA@LIBSYS 
INC.COM  Attn:  9241  Fairway  211, 
Des  Plaines,  IL  60016 


Senior  Project  Leaders 

Abbott  Laboratories  in  Bed¬ 
ford,  MA  seeks  qualified 
Senior  Project  Leaders. 
Bachelors  degree  in  Comput¬ 
er  Science,  Computer  Tech¬ 
nology  or  related  required 
with  experience  in  architec¬ 
ture,  design  and  development 
of  Component  Based  Tech¬ 
nologies.  Respond  by  mail  to 
Abbott  Laboratories,  Dept. 
323,  Bldg.  AP6D2,  100  Abbott 
Park  Road,  Abbott  Park  IL 
60064-32537.  An  EOE  Refer 
toad  code:  KE-MED-121. 


Software  Enng  -  Develop 
and  maintain  comp,  sys¬ 
tems  for  trading,  comm., 
inter/intranet  businesses, 
etc.  utilize  SAS  platforms, 
Oracle,  SQL  Server,  etc. 
Provide  tech.  supp.  in  OS 
internals,  etc.;  Min.  3/yrs 
exp.  in  job  offd  or  related 
and  B.S.  in  Enng,  Bus.  or 
related.  Exp.  ref.  req’d. 
Send  res:  Anid  Infosoft, 
2204  Haley  St.  Oxford,  MS 
38655 


Programmer 

Developing  software  applica¬ 
tions  for  the  company;  updating 
existing  applications;  solving 
database  &  networking  prob¬ 
lems.  B.S.  in  C.S.  or  rel.w/abil. 
to  use  C,  Java,  VB.  ASP,  SQL, 
Perl.  JavaScript,  Visual  C++, 
HTML.  Must  be  Sun  Certified 
Programmer  for  Java,  & 
Microsoft  Certified  Database 
Administrator.  40  hr/wk.  9-5. 
Resume  to:  Ms.  Saphura  S. 
Long.  President,  The  Prize 
Corporation,  5959  Shallowford 
Road,  Suite  309,  Chattanooga, 
TN  37415. 


NEED  TO  HIRE? 

START  WITH 
US! 


ITcareers.com  reach 
more  than  2/3  of  all  US 
IT  workers  every  week . 
If  you  need  to  hire  top 
talent,  start  by  hiring  us. 

Call  your  ITcareers 
Sales  Representative  or 
Nancy  Percival  at 
1-800-762-2977. 


ITcareers 

whtra  the  best  get  better 


I  T  Systems  Analyst  Analyze  busi. 
req'ts  /  processes;  Map  /  configure 
busi  process  in  SAP  R/3  Busi. 
Warehouse  (BW)  and  Strategic 
Enterprise  Mgmt  (SEM)  modules; 
Develop  /  implement  BW  and  SEM 
modules  in  SAP  R/3;  Develop 
Datamarts  /  Bex  Queries;  Design 
Infocubes;  Create  custom  infosys- 
tem;  Create  reports  in  BW  /  SEM 
modules;  Develop  /  publish  SEM 
planning  functions. 

B.S.  in  Comp.  Sc,  EE.  Electronics, 
or  similar  +  18  mo  exp.  in  SAP 
R/3.  In-depth  know,  of  BW.  SEM 
Quality  Mgmt,  SAP  Portals. 
$100,000.00/yr.  Travel  req'd. 
Work  site  locations  vary.  Must 
have  perm,  work  auth.  to  be 
employed  in  the  U.S.  Send 
resume  to  McKeesport 
CareerLink,  ES  Supervisor,  345 
Fifth  Ave.,  McKeesport,  PA  15132- 
2600.  Refer  to  job  order  #  301989. 


SAS  Programmer  Analyst. 
Utilize  statistical  tools  and  meth¬ 
ods  to  develop/write  computer 
programs  for  clinical  studies 
using  Statistical  Analysis 
System  (SAS),  MVS,  JCL,  TSO, 
ISPF,  DB2,  Win  2000.  Bachelor 
degree  in  MIS,  Stat,  or  sim  field, 
or  equiv,  req'd,  as  is  2  yrs  exp  as 
a  SAS  P/A  or  in  a  stat  prog  posi¬ 
tion.  In  lieu  of  a  bach  degree  and 
2  yrs  exp,  employer  will  accept 
masters  degree,  or  equiv  in  edu 
or  exp.  Prior  exp  or  edu  must 
include  exp  with  SAS  and  clini¬ 
cal  studies.  Competitive  salary. 
May  be  assigned  to  various 
locations  in  US.  Resumes:  W 
Tankersley,  Resource  Mgr, 
Computer  Task  Group,  Inc,  Job 
No  1886.31,  5875  Castle  Creek 
Pkwy,  Ste  208,  Indianapolis,  IN 
46250. 


Several  computer  related 
positions  available  for 
large  software  develop¬ 
ment,  support  and  sales 
company.  Degree,  techni¬ 
cal  skills  &  experience 
vary  per  position.  Send 
resume  to  Susan  Stubbs, 
MAPICS,  Inc.  1000 
Windward  Concourse 
Parkway,  Suite  100, 
Alpharetta,  Georgia 
30005. 


Sunrise  Systems  Inc.,  has 
multiple  openings  in  PA,  NY 
&  NJ  areas  for  experienced 
pros.  System/  Prog  Analysts, 
Database  Admin/  Analysts, 
Database  Dev/  Designers, 
Software/  Computer  Engr, 
Unix/  Network/  NT  Admin  in 
the  areas  of  Oracle,  Unix,  C/ 
C++,  Windows  NT,  Java,  Web 
Development,  SAP,  etc.  We 
offercompetitive  salary  based 
on  experience.  Send  resume 
to:Sunrise  Systems  Inc.  PO 
Box  4647  Metuchen,  NJ 
08840 


Stellar  Services  seeks  an 
experienced  systems  engi¬ 
neer.  Must  have  a  Master's 
degree  in  Computer  Science/ 
Engineering,  and  2  years  of 
experience  in  Web  access 
security,  and  Windows  NT 
environment  analysis,  and 
design.  Knowledge  in  security 
protocols  &  architecture,  Virus 
protection  and  strong  techni¬ 
cal  writing  skill  are  required. 
Please  send  resume  and 
cover  letter  to  HR  Dept.,  156 
5th  Avenue,  Suite  1134,  New 
York,  NY  10010. 


Manager,  Lead  and  Senior 
Consultant  positions  in 
Washington.  DC.  Philadelphia, 
McLean.Va.  Position’s  require 
bachelor’s  (some  positions 
require  master's)  degree  in 
Computer  Science.  Engineering 
(any  field),  Business,  Information 
Systems  or  related  field  and  2  to  5 
yrs  of  experience  in  systems 
analysis,  development  or  manage¬ 
ment,  database  or  systems 
requirements  or  consulting,  project 
or  engagement  management,  or 
related  exp. 

Competitive  salary  and  benefit 
offered.  Please  fax  resume  to 
1-888-APPLYDT  and  identify 
job  code:  ERNOIVRCPWM. 

Deloitte  &  Touche  LLP  is  an  equal 
opportunity  firm. We  recruit, 
employ,  train,  compensate  and 
promote  without  regard  to  race, 
religion,  creed,  color,  national  ori¬ 
gin,  age,  gender,  sexual  orienta¬ 
tion,  marital  status,  disability  or 
veteran  status. 


Database  Administrator  (Tera- 
data  &  SQL  Server)  Business 
Objects  Administrator.  Install, 
upgrade,  configure  &  consoli¬ 
date  database  servers;  monitor 
resource,  database  usage  & 
security;  assist  w/logical  dsgns. 
physical  implmtn  of  data  & 
capacity  planning;  dvlp  custom 
ETL  tools  &  disaster  recovery 
plans;  perform  Business  Objects 
s/ware  installation,  upgrade  & 
admin.  BS  in  Comp  Sci,  MIS, 
Engg  or  related  field  +1  yr  exp  in 
job  offd  or  as  Database  Admin 
or  similar  duties  under  different 
job  title.  Exp  to  incl  Teradata 
DBA,  SQL  Server  DBA.  & 
Microstrategy  &  Business 
Objects  Admin.  40hrs/wk. 
$55,21 6/yr.  Must  have  proof  of 
legal  auth  to  work  in  US.  Send 
your  resume  to  IA  Workforce 
Center,  215  Keo  Way,  Suite  100, 
Des  Moines,  IA  50309-1727. 
Please  refer  to  Job  Order 
IA1 101660.  Employer  paid  ad. 


SOFTWARE  ENGINEERS  (8  posi¬ 
tions):  require  Bachelor’s  in  Engin¬ 
eering/Computer  Science/Mathe¬ 
matics/Science  or  closely  related 
field  with  experience  providing 
skills  in  described  duties,  at 
$65,000  per  year;  Senior  Software 
Engineers  (8  positions)  with  Mas¬ 
ter’s  and  two  years  experience,  at 
$70,000  per  year.  Provide  on-site 
consulting  in  design,  analysis  and 
development  of  software  applica¬ 
tions  for  legacy  systems  in  IBM 
mainframe  environment;  develop¬ 
ment  and  administration  in  Oracle, 
DB2,  SQL  Server  and  Sybase;  e- 
commerce  and  web  applications 
development  in  Microsoft,  Java 
and  related  technologies;  network 
management  systems  develop¬ 
ment  with  Netscape  Server  and 
related  tools;  SAP  R/3  applications 
on  Windows  with  DOS  and 
ABAP/4  and  related  modules.  40% 
travel  to  client  sites  in  the  United 
States.  Mail  resumes  to:  YASH 
Technologies,  Inc.,  Human  Re¬ 
sources,  605  I?*!1  Avenue,  Suite  1, 
East  Moline,  IL  61244. 


Director  of  S/ware  Applies  & 
Prgmg-LA.  Manage  &  coord 
comp,  prgmg  &  s/ware  applic 
activities.  Bach  in  comp,  sci., 
CIS  or  reltd  comp,  fid  +4  yr 
exp  in  job  offd  or  as  s/ware 
dvipmt  mgr.  Must  be  proficient 
in  Code  Warrior  on  MacOS, 
MS  Visual  C++,  x86  Ass¬ 
embly,  Power  PC  Assembly, 
Nintendo  GameCube  OS  & 
Python,  &  familiar  w/3-D 
graphics  &  human  interface 
dsgn.  Send  resume  &  Itr  to 
Wendy  McAfee,  Vivendi 
Universal  Games,  6080 
Center  Dr.,  Los  Angeles,  CA 
90045. 


DATABASE  ADMINISTRA¬ 
TORS:  Following  design  specifi¬ 
cations  and  instructions  from 
senior  database  managers  and 
database  architects,  DBAs  will 
apply  knowledge  of  data  base 
management  systems  to:  design 
logical  and  physical  data  bases; 
coordinate  physical  changes  to 
data  bases  and  codes;  and 
tests,  maintain  and  implement 
physical  data  base.  Duties 
include:  assist  in  the  day-to-day 
operation  of  Oracle  data  base 
systems  in  UNIX  mainframe 
environment  including  ETL, 
table  creation,  table  analysis, 
table  indexing,  query  creation, 
and  implement  query  and  ETL 
requests  from  internal  staff  ana¬ 
lysts  and  scientists  using 
ACCESS  or  another  database 
system.  Min.  Reqts.:  BS/BA  (for¬ 
eign  equivalent  accepted)  in  CS, 
IT,  EE  or  related  AND  2  yrs  exp. 
in  job  offered  OR  2  yrs  exp.  in 
related  occup.  as  Oracle  Data 
Base  Administrator.  PLUS,  must 
have  demonstrated  knowledge 
of:  (1)  Oracle  data  base  archi¬ 
tecture  in  UNIX  mainframe  envi¬ 
ronment;  (2)  SQL,  PL/SQL  and 
SQL  Loader;  and  (3)  data  base 
maintenance.  Basic  pay  is 
$63,200  per  year  for  full-time 
employment  (Mon-Fri.,  9-5)  and 
standard  company  benefits. 
EEO.  Submit  2  resumes  and 
respond  to  Case  No.  2001 1 5268 
and  or  Case  No.  20015267, 
Labor  Exchange  Office,  19 
Staniford  Street,  1st  Floor, 
Boston,  MA  02114. 


IT  Specialist  (Denver)  -  Order, 
install,  maintain,  configure  & 
implement  MVS  &  OS/390  soft¬ 
ware  prod.,  relating  to  DB2  & 
CICS  on  an  IBM  mainframe. 
Track  changes  using  Vantive’s 
PCRM  prod,  for  release  imple¬ 
mentation.  Perform  Systems 
Admin,  functions  for  DB2,  CICS 
&  assoc,  products  using  SMP/E, 
JCL,  VSAM,  JES3,  TSO/ISPF, 
BMC  tools,  CAFC,  Oracle 
Gateway,  SEQUELLINK,  Main- 
view  for  DB2,  &  Network  Data 
Mover  (NDM);  Troubleshoot  & 
maintain  software  prod.  & 
OS/390  to  ensure  problems  are 
rapidly  diagnosed  &  fixed;  par¬ 
ticipating  in  Hotsite  planning  & 
regularly  scheduled  disaster 
recovery  tests;  Perform  capacity 
mgmt  &  tuning  activities  incl 
definition  &  modification  of  data¬ 
bases  &  assist  w/implementa- 
tion  of  an  optimal  relational  data¬ 
base  design.  Req:  2  yr  exp  SW 
Eng/DB  Admin,  +  Wkg  knowl¬ 
edge  of:  DB2  &  CICS  Sys. 
Programming  on  IBM  Mainframe 
w/OS/390;  DB2  DBA, SMP/E, 
JCL,  VSAM,  JES3,  TSO/ISPF, 
BMC  Tools,  CAFC,  Oracle 
Gateway,  SEQUELLINK,  Main- 
view  for  DB2,  Network  Data 
Mover;  Hot  site  planning,  capac¬ 
ity  planning,  physical  database 
design;  Send  resumes  to: 
Colorado  Dept  of  Labor,  Two 
Park  Central,  Suite  400,  1515 
Arapahoe  Street.  Denver,  CO 
80202.  Ref  job  #C05036000. 


□  ills 

NET2S  is  a  leading  International 
Consulting  and  Engineering  firm 
specializing  in  communications 
technologies.  We  are  presently 
seeking  to  fill  the  following  posi¬ 
tions: 

•  Sr.  Tibco  (RV,  Integration  Mgr) 
Developer 

•  TIBCO/TRIARCH  Systems 
Engineer 

•  Sr.  Security  Systems  Engineer 

All  positions  require  BS/MS  de¬ 
gree  with  a  minimum  of  2  to  3 
years  of  experience  in  the  field. 
Must  possess  excellent  communi¬ 
cation  skills  as  well. 


NET2S.  82  Wall  Street  Suite  400. 
New  York.  NY  10005;  Fax:  (212) 
279-  1960;  Phone  (212)  279-6565; 
or  Email:  iobus-nv@net2s  com 


Boehringer  Ingelheim  Pharma¬ 
ceuticals,  Inc.  has  an  immediate 
opening  in  its  Ridgefield, 
Connecticut  facility  for  the  posi¬ 
tion  of  Lead  Business  Analyst 

Provide  business  knowledge  and 
technical  leadership  in  identifying 
projects,  conducting  feasibility 
studies,  evaluating  system  de¬ 
sign  and  determining  cosi/benefit 
and  economic  justification  on  all 
IT  projects  to  address  the  sys¬ 
tems  and  technology  needs  of  the 
assigned  business  area. 

Must  possess  a  Bachelor's 
degree  or  its  equivalent  in 
Business  Administration.  Compu¬ 
ter  Science.  Information  Systems 
or  a  related  field  and  relevant 
experience  with  SAP-Business 
Analysis  skills  in  SD  and  HR 
modules,  the  development  of 
custom  database  programs  using 
Oracle,  Visual  Basic  and  SQL- 
based  RDBMS,  automated  tools 
to  automate  SAP  test  script  spec¬ 
ifications  and  Software  Project 
Implementation  and  Analysis. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above 
and  specify  reference  code  AD- 
GCD/GC0103  or  it  will  be  reject¬ 
ed. 

Forward  resume  to:  Bl  Staffing 
Center,  PO  Box  534,  Waltham, 
MA  02454.  Fax  number:  (781) 
663-2431. 

Email:  BIPI@BI-careers.com 


Unix  Systems  Administrator 
(Info  Tech  Specialist  4).  Support 
client/server  applies  on  ITD  & 
agency  servers  on  an  enterprise 
LAN/WAN  &  Internet  envrmt, 
incl  all  phases  of  AIX  admin  in 
complex  internet  envrmts;  web 
admin,  incl  setup  &  maintenance 
of  WebSphere.  SSL,  MQ  Series, 
&  DB2;  shell  scripting  in  CSH  & 
KSH;  provide  dsgn  services  for 
high  availability,  high  capacity 
secure  hardware  platforms;  & 
service  related  to  entire  matrix  of 
ITD  provided,  cooperative,  or 
agency  consulting.  BS  in  Comp 
Sci,  MIS  or  Engg  or  equiv  edu¬ 
cation  &  exp  +2  yrs  exp  in  job 
offd  or  as  Comp  Consultant  or 
similar  duties  under  different  job 
title.  2  yrs  exp  or  equiv  educa¬ 
tion  &  exp  w/AlX;  WebSphere; 
MQ  Series;  install/operate  multi- 
job  &  personal  comp,  networks, 
database  mgmt  systms,  servers; 
dvlp  business  appl  processes, 
operating  systm  prgms,  info 
mgmt  training;  IT  customer  ser¬ 
vice;  dsgn  &  admin  internet 
sites.  Need  12  sem  hrs  or  6  mos 
exp  or  comb  in:  Linux,  prgmg 
lang,  SAS,  Unix,  other  main¬ 
frame/midrange/mini  operating 
systms,  personal  comp,  systms 
prgmg/mgmt.  40  hrs/wk, 
$40K/yr.  Must  have  proof  of 
legal  auth  to  work  in  US.  Send 
your  resume  to  IA  Workforce 
Center,  215  Keo  Way.  Ste  100, 
Des  Moines,  IA  50309-1727. 
Please  refer  to  JO  IA1 101661 . 
Employer  paid  ad. 


EXPERIENCED  IT 
PROS  NEEDED 

DBAs,  P/A,  &  Proj.  Managers  to 
design,  develop,  admin,  and 
support  DBs:  Sybase,  SQL 
Server,  Informix,  Oracle/!  Rdb. 
Disaster  recovery  plan/imple¬ 
ment,  per.  tuning,  back  up/ 
restore,  and  troubleshoot. 
Expert  in  WinNT,  VAX/VMS, 
SCOUnix,  TCP/IP,  PowerBuild¬ 
er,  Access,  and  C++.  MS 
Proxy/SMS  Server  &  IIS  to 
develop  web  DB  applications. 
Expert  RDB  theories,  CASE  & 
RDBMS  physical  implementa¬ 
tions  required.  Job  Location: 
San  Francisco  Area  and 
Phoenix.  Please  submit  resume 
to:  Apex  Software,  Inc.,  4718  E. 
Cactus  Road,  #206,  Phoenix, 
AZ.  85032 


Business  Process  Analyst. 
Work  Sched  8:00AM-5:00PM  40 
hrs/wk.  $64,377.70  P/A.  Design, 
evaluate,  analyze,  develop  & 
support  corporation's  central 
vehicle  invoicing  &  cost  of  sales 
systems.  Evaluate,  define  soft¬ 
ware  testing  methods,  redesign 
infrastructure  &  process.  &  ana¬ 
lyze  systems  using  COBAL, 
CICS,  DB2,  JCL,  VSAM,  IMS- 
DB  &  C/C++.  Analyze,  design, 
implement.  &  support  of  data¬ 
base  for  the  vehicle  invoicing, 
dealer  billing,  tracking  systems. 
Electronic  Data  (EDI)  &  SAP 
interface  for  several  countries  & 
Account  Receivables  at  corpo¬ 
rate  &  plant  levels.  Use  multiple 
application  development  tools 
including  Visual  Basic  and 
C/C++,  management  system. 
Interface  with  end?users  to 
develop  system  requirements  & 
provide  in-depth  applications 
support.  Work  in  technical  envi¬ 
ronment  including  Microsoft 
Windows  95/98  &  IBM  RS6000 
Unix.  Improve  all  aspects  of 
vehicle  invoicing  &  dealer  billing, 
tracking  &  cost  of  sales  systems 
&  improve  software  quality  & 
integrate  with  existing  systems 
on  client.  Bachelor,  Any 
Engineering  Degree.  2  Yrs.  exp. 
in  Job  or  Related  Occupation(s) 
of  Engineer,  Computer  Progr¬ 
ammer,  Programmer  Analyst  or 
Systems  Analyst.  2  Yrs.  of 
Related  Occupation  exp.  must 
include  evaluation,  defining  of 
software  testing  methods, 
redesign  of  infrastructure  & 
process.  &  analysis  of  systems 
using  COBAL,  CICS,  DB2,  JCL, 
VSAM,  IMS-DB  &  C/C++,  which 
may  be  concurrent  with  Related 
Occupation  exp.  Employer  Paid 
Ad.  Send  resume  to  MDCD. 
P.O.  Box  11170,  Detroit,  Ml 
48202,  Ref.  No.  202587. 


Network  Engineer:  The  network 
engineer  will  provide  technical 
consulting,  network  implementa¬ 
tion,  device  configuration,  router 
and  switch  installation,  &  trou¬ 
bleshooting  services  for  clients. 
Manage  implementation  of  net¬ 
work  projects  &  develop  &  main¬ 
tain  program  specs  &  documenta¬ 
tion.  Experience  with  Microsoft 
BackOffice  family  of  products, 
multi-vendor  UNIX,  network  design 
and  implementation,  firewalls  and 
other  aspects  of  network  security 
required.  Must  have  experience  in 
Frame  Relay,  packet  switching, 
network  management,  ISDN, 
CSU/DSU,  SNA/SDLC/SNMP,  and 
protocol  analysis.  Employment 
requires  B.S.  in  computer  science 
or  electronics  engineer  &  2  yrs. 
Exp.  in  job  offered.  Must  possess 
current  certifications  as  follows: 
Microsoft  Certified  Systems 
Engineer;  Cisco  Certified  certifi¬ 
cates  for  Design  Engineer  & 
Network  Professional  &  Design 
Asso.:  and  Checkpoint  certificates 
for  security  Engineer  and  Security 
Administrator.  Will  work  40  hr.  wk., 
8:00  am  to  5:00  pm;  no  O/T.  sal. 
$70,000  per  yr.  Send  resume  to 
Illinois  Department  of  Employment 
Security,  401  S.  State  St.  -  7 
North,  Chicago,  IL  60605:  Atten: 
Leonard  Boksa;  Ref  #  V-IL  33787  - 
B.  An  Employer  Paid  Ad.  No  Calls 
-  Send  2  copies  of  both  resume 
and  cover  letter.  Only  fully  qualified 
should  apply. 


Computers  -  Sr.  Technical 
Consultants  needed.  Seek¬ 
ing  qual.  cand.  possessing 
MS/BS  or  equiv.  and/or  rel. 
work  exp.  Part  of  the  exp. 
must  include  2  yrs.  working 
with  BaanERP.  Work  with  3 
of  the  following:  Java.  XML, 
BaanERP,  Baan  Open- 
World,  VB.  Must  be  willing 
to  travel  as  req’d.  Fwd. 
resume  &  ref.  to: 
e-Emphasys  Tech.,  Attn: 
HR,  219  E.  Chatham  St., 
#102,  Cary,  NC  27511. 
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Slammer 

continued  from  page  1 

Slammer’s  destructiveness  would 
require  skill,  but  chances  of  that 
happening  are  growing  since 
hacker  groups  and  legitimate  se¬ 
curity  firms  have  posted  an  an¬ 
alysis  of  the  machine  code  after 
reverse-engineering  it. 

While  many  are  blaming  net¬ 
work  administrators  for  failing  to 
take  proper  precautions,  com¬ 
plaints  are  mounting  about  how 
difficult  it  is  to  apply  patches  that 
Microsoft  supplied  six  months 
ago  to  prevent  the  kind  of  buffer- 
overflow  attack  this  worm  uses. 

Moving  in  a  flash  across  the  In¬ 
ternet,  Slammer  blasted  through 
an  estimated  half-million  vulnera¬ 
ble  servers  by  week’s  end,  wreak¬ 
ing  havoc  inside  corporate  intra¬ 
nets,  disrupting  e-commerce,  and 
even  causing  a  global  ’Net  slow¬ 
down.  Within  minutes,  it  had 
slipped  into  corporations  through 
firewalls  left  open  at  Fbrt  1433 
and  1434, or  spread  through  infec¬ 
tion  by  e-commerce  partners. 
Some  ISPs,  including  AT&T,  now 
are  filtering  out  the  worm. 

A  number  of  corporations  hit 
by  Slammer  had  to  shut  down 


internal  operations  for  a  day  to 
get  rid  of  the  worm,  which  was 
flooding  their  intranets  with  a 
denial-of-service  (DoS)  attack. 

“We  experienced  a  systems 
slowdown  due  to  the  worm,” says 
JP  Morgan  Chase  spokesman 
Tom  Johnson.’And  we  shut  down 
our  online  banking  as  well.” 

Randomly  scanning  at  high 


speed  in  search  of  unpatched 
SQL  Servers  or  any  unpatched 
applications  using  the  licensed 
Microsoft  Data  Engine  (MSDE) 
code,  Slammer  generated  huge 
amounts  of  UDP  packet  traffic, 
causing  a  50%  degradation  of 
Web  site  availability  around  the 


world  as  it  gained  steam  early 
Jan.  25.  Internet  traffic  returned 
to  normal  around  noon  that  day 
according  to  monitoring  firm 
Keynote  Systems. 

Slammer’s  DoS  attack  was  so 
intense  in  its  first  hours  that  laten¬ 
cy-sensitive  applications  such  as 
voice  over  IP  among  other  appli¬ 
cations,  would  have  been  sever¬ 


ely  affected,  says  Hossein  Eslam- 
bolchi.  AT&T’s  CTO  and  president 
of  AT&T  Labs. 

“This  really  is  a  national  securi¬ 
ty  issue,”  says  Eslambolchi,  who 
advocates  that  industry  coordi¬ 
nate  with  government  to  set  min¬ 
imum  standards  in  network 


Hf  ^  the  responsibility  of  anyone 

m  -  I  who  runs  and  manages  a  server 
:pL  M  [to  install  patches]. ...  Microsoft 
i  Mk  can  t  £°  out  to  every  customer 

k  an(J  j|0  ^  fQp  yQU  )  J 

Paul  Krihak 

Network  engineer,  Virtua  Health 


NetPro 

continued  from  page  12 

the  security  of  every  domain 
within  the  directory  forest. 

The  only  way  to  combat  the 
problem  is  to  deploy  “multiple 
forests,”  a  complex  configuration 
that  Microsoft  still  does  not 
openly  recommend  even 
though  Windows  Server  2003, set 
to  ship  April  24,  includes  a  fea¬ 
ture  to  make  deploying  multiple 
forests  easier. 


NetPro,  which  competes  with 
NetlQ,  Quest,  BindView  and 
Aelita  in  developing  directory 
management  software,  is  the  first 
to  address  the  domain  security 
issues  in  Active  Directory,  ana¬ 
lysts  say. 

“Those  users  with  single  forests 
were  taken  aback  that  one 
domain  couldn’t  protect  itself 
from  another  domain  where 
something  malicious  had  been 
done,”  says  Daniel  Blum,  an  ana¬ 
lyst  with  Burton  Group.  “The 
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enterprise  has  been  concerned 
about  this  issue, so  this  lockdown 
tool  seems  to  be  a  good  idea 
because  there  are  disadvantages 
to  having  multiple  forests.” 

DirectoryLockdown  now  offers 
companies  the  ability  to  protect 
one  domain  from  another.  The 
software  cannot  prevent  admin¬ 
istrators  with  access  to  mach¬ 
ines  running  Active  Directory 
from  corrupting  configurations 
in  that  particular  domain,  but 
the  software  can  detect  changes 
to  configurations  and  block 
them  from  replicating  through¬ 
out  the  network. 

“We’ve  mitigated  some  of  the 
risk,  but  we  can’t  solve  the  whole 
problem,”  says  Gil  Kirkpatrick, 
CTO  for  NetPro. 

The  DNSAnalyzer  module 
maintains  consistency  between 
DNS  records  and  Active  Di¬ 
rectory  which  uses  DNS  as  its 
location  service  so  clients  can 
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find  machines,  called  domain 
controllers,  which  run  Active 
Directory  The  software  includes 
nearly  200  DNS  alerts  and 
includes  a  reporting  engine. 

The  Active  Directory  Lifecycle 
Suite,  including  the  DNSAna¬ 
lyzer,  costs  $37  per  user  object  in 
the  directory.  The  Directory- 
Lockdown  module  costs  $9  per 
user  object. 

NetPro:  www.netpro.com 


design  and  threat  response. 

The  intrusion-detection  sys¬ 
tems  that  AT&T  uses  provided  an 
early  warning  about  the  worm, 
which  AT&T  then  hastened  to  fil¬ 
ter  out  via  router  access  control 
lists,  Eslambolchi  says.  He  says 
this  filtering  process  remains 
manual  about  half  the  time,  and 
further  work  on  automating 
attack  blocking  is  needed. 

Among  the  victims  of  Slammer 
was  Microsoft,  where  the  worm 
infected  the  unpatched  comput¬ 
ers  used  by  about  1,000  Micro¬ 
soft  developers,  causing  the 
company  to  scramble  as  its  net¬ 
work  was  flooded  in  a  DoS  at¬ 
tack.  The  company  shut  down 
servers  and  cleaned  them  of  the 
tiny  376-byte  worm.  Many  Micro¬ 
soft  customers  found  it  rough 
going  just  trying  to  apply  the  SQL 
Server  patch  code  issued  last 
July  They  say  the  patch  is  hard  to 
do  and  can  easily  take  six  hours. 

“We  agree  —  we  have  to  build 
better  tools  for  this,”  Microsoft 
spokesman  Rick  Miller  says. 

Analysts  say  the  software  indus¬ 
try  has  failed  to  build  vulnerabili¬ 
ty-assessment  tools  that  help  cus¬ 
tomers  keep  track  of  their  inven¬ 
tory  of  applications  and  equip¬ 
ment  to  determine  what  needs 
patching  and  whether  it  was 
done.“Most  companies  just  don’t 
know  what  they  have  to  begin 
with,”  says  Chris  King,  security 
analyst  at  consultancy  Greenwich 
Technology  Partners. 

By  no  means  were  customers 
blaming  everything  on  Microsoft. 

“It’s  the  responsibility  of  any¬ 
one  who  runs  and  manages  a 
server,”  says  Paul  Krihak,  network 
engineer  at  Virtua  Health.  “It’s 
their  responsibility  to  apply  the 
patches  Microsoft  puts  out. 
Microsoft  can’t  go  out  to  every 
customer  and  do  it  for  you.” 

The  financial  industry  in  partic¬ 
ular  paid  a  high  price  for  failure 
to  patch.  Bank  of  America’s  auto¬ 
matic  teller  machines  were  ren¬ 
dered  useless  for  a  day  because 
the  worm  infected  the  bank’s  in¬ 
ternal  servers  that  play  a  role  in 
managing  the  machines,  which 
are  not  on  the  Internet.  In  Asia,  the 
South  Korean  stock  exchange 
reported  disruptions  and  Russian 
government  agencies  reportedly 
were  affected. 

The  U.S.  government  also  was 
caught  off  guard.The  National  In¬ 
frastructure  Protection  Center, 
which  wants  to  be  the  first  point 
of  information  about  any  cyber¬ 
attack,  took  hours  to  get  NIPC 
staff  awake  and  working  to  issue 
an  alert  about  Slammer. 

“It’s  been  tough  to  do  the  coor¬ 
dination,”  acknowledges  Marcus 


Top  20  scans 

MS-SQL  Server  topped  the 
list  of  most-suspicious 
scans  in  the  past  six 
months  even  before  the 
advent  of  the  Slammer 
worm.  The  list  is  drawn 
from  Symantec’s  six- 
month  monitoring  of  500 
customers  using  2,000 
firewall  and  intrusion- 
detection  products. 


Scan  type 

A 


Microsoft  SQL 
Server  HTTP 

29.5%  16.5' 

HP 

Others*  13.3 

40.7% 


‘Other  include:  Netbios  Name  Service, 
HTTPS,  SMTP  and  Sub  seven. 


Sachs,  director  for  communica¬ 
tion  infrastructure  protection  at 
the  White  House  Office  of  Cyber¬ 
space  Security.  He  expects  things 
to  improve  by  summer,  when  the 
NIPC  will  be  more  settled  in  the 
newly  created  Department  of 
Homeland  Security. 

Some  experts  agree  that  Slam¬ 
mer  will  be  retooled  to  be  more 
dangerous,  but  that  SQL  Servers 
and  MSDE  —  a  kind  of  mini- 
Microsoft  SQL  code  embedded 
in  at  least  100  applications  — 
won’t  be  the  target  next  time. 

“A  different  service  will  be  the 
target,  perhaps  printers,”  says 
Vincent  Werf, senior  director  of  Sy¬ 
mantec  security  response.  Syman¬ 
tec  this  week  is  set  to  issue  a 
threat-advisory  report  about  the 
types  of  suspicious  scans  and  out¬ 
right  attacks  experienced  over 
the  past  six  months  by  500  firms 
that  use  Symantec’s  managed 
security  services.  According  to 
this  report,  SQL  Server  is  the  most 
widespread  hacker  probe. 

Equipment  to  combat  distrib¬ 
uted  DoS,  including  that  from  Ar¬ 
bor  Networks,  Captus  Networks 
and  Mazu  Networks,  has  become 
available  over  the  last  year,  but  its 
use  is  not  widespread  in  corpora¬ 
tions  or  ISPs. 

Intrusion-prevention  gateways, 
such  as  one  from  IntruVert,  also 
are  seen  as  a  way  to  block  attacks 
of  many  types,  although  the 
notion  of  blocking  traffic  auto¬ 
matically  remains  controversial 
because  of  worries  about  cutting 
off  legitimate  traffic.  ■ 
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Laying  blame  when  things  are  going  wrong 


i 


need  to  rant. 

Specifically  1  need  to  rant  about 
last  weeks  little  Internet  worm 
problem  ....  Here  we  had  a  vulnera¬ 
bility  that  many  argue  should  not 
have  existed  in  the  first  place,  that 
was  identified  and  a  patch  generated,  that  the  world 
was  told  about  and  still,  months  later, some  500,000 
machines  on  the  ’Net  got  bombed  by  a  worm  that 
exploited  that  same  vulnerability  This  is  crazy! 

Or  is  it? 

If  you  read  the  commentaries  in  all  the  serious  IT 
journals  you’ll  see  the  usual  roundup  of  suspects: 
Microsoft  for  leading  us  down  the  path  of  unright¬ 
eousness  and  making  us  use  their  products,  the 
sysadmins  who  neglected  to  apply  the  patch,  the 
‘Net  for  fostering  the  environment  where  this  could 
happen  . . .  blah,  blah,  blah. 

You  know  whose  fault  it  is?  Ours. 

We  insist  on  spending  the  least  amount  of  money 
to  buy  products;  we  don’t  demand  high  enough 
standards  of  vendors;  we  don’t  invest  enough  on 
testing  and  integration;  we  don’t  pay  IT  staff  enough 
or  give  them  enough  time  to  make  sure  the  imple¬ 
mentation  is  sound  and  at  the  same  time  insist  on 
and  expect  perfection.  What’s  more,  the  IT  staff 
doesn’t  make  enough  stink  about  poor  practices 
and  decision  making. 


Are  we  all  nuts? 

Let’s  be  clear:  Every  decision  has  a  price. The 
more  off-the-cuff  the  decision,  the  greater  the  risk. 
The  more  considered  the  decision,  the  more  cost 
involved.  Everyone  who  has  been  in  business  for 
more  than  a  few  months  knows  these  are  true  state¬ 
ments  and  they  know  that  the  art  of  business  is 
about  finding  a  balance  between  risk  and  cost  that 
is  acceptable. 

The  rub 

But  there’s  a  small  problem. 

The  small  problem  is  that  we  all,  techies  and  suits, 
consistently  underestimate  the  risk.  We  think  we’re 
bold,  that  we’re  tough  and  ready  to  deal  with  come 
what  may 

This  is  not  a  good  stance.  It  is  not  good  because  if 
we  really  were  that  bold  and  tough  we’d  stop  being 
surprised  every  time  things  went  wrong  and  we’d 
stop  whining  about  it  being  someone’s  fault. 

You  know  what  we’d  do  if  we  were  bold  and 
tough?  We’d  laugh.  We’d  shake  our  heads  and  say, 
“How  about  that?”  We’d  see  it  as  a  lesson  learned 
and  we’d  modify  our  behavior  accordingly  We’d 
profit  from  adversity. 

So  what  are  we  going  to  do  about  it? 

I’ll  bet  nothing  is  the  answer.  By  now  everyone 
who  got  sideswiped  will  have  finished  with  the 


headless  chicken  routine,  had  the  inquest,  pun¬ 
ished  the  innocent  and  patted  the  guilty  on  the 
back.  Then  we  went  back  to  business  as  usual 
because,  despite  all  the  furor  that  the  press  made, 
no  one  died  and  no  one  suffered  (at  least,  no  one 
who  mattered). 

You  know  what  we  should  do? 

Slow  down.  Stop  believing  our  own  press  and 
stop  trusting  everyone  else’s  press.  We  need  to  get 
tough  and  get  thorough.  We  need  to  make  sure  that 
if  the  knee  bone  is  supposed  to  be  connected  to 
the  thigh  bone  then  it  dang  well  is.  And  if  we  find 
out  later  that  we  only  thought  it  was  connected  but 
it  wasn’t  really,  then  we  don’t  need  to  whine  about 
it  and  look  for  someone  to  blame.  We  need  to  make 
sure  it  doesn’t  happen  again. 

In  the  IT  world  as  it  is,  there  is  an  endless  supply 
of  people  and  companies  that  are  guilty  of  negli¬ 
gence,  fraud,  underestimation,  overestimation, 
lying,  obfuscation  and  every  other  sin  you  can 
think  of  (except  perhaps  oxen  coveting). 

What  there  isn’t  enough  of  is  tough  thinking, 
mature  judgment  and  taking  responsibility  for  our 
own  decisions. 

Of  course,  that's  just  my  opinion.  But  1  don’t  think 
I’m  wrong. 

Fulminate  at  backspin@gibbs.com. 
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Beware  that  ‘seamless  transition' 

Slashing  payroll  might  be  standard  business  prac¬ 
tice  these  days,  but  there's  still  no  good  way  to  tell 
the  public  —  your  customers,  in  particular  —  that 
you  are  forced  to  lay  off  25%  of  your  workforce. 

However,  some  ways  of  delivering  that  news  are 
worse  than  others, 

Exhibit  A:  EarthLink,  the  nation's  third-largest  ISP, 
last  week  announced  that  it  would  pink-slip  1,300  of  its  5,200  employees.  More 
ominous  than  the  raw  number  or  the  percentage  is  the  fact  that  these  cuts  are 
coming  in  customer  service  and  technical  support.  As  part  of  the  purge,  Earth- 
Link  is  closing  four  call  centers. 

Despite  this  obvious  reason  for  concern  on  the  part  of  EarthLink  users,  a  com¬ 
pany  spokeswoman  tried  her  best  to  smear  lipstick  on  the  pig:  "This  will  be  a 
seamless  transition  for  customers,"  she  told  IDG  News  Service. 

What  could  that  mean? 

I  suppose  it's  possible  that  EarthLink  has  been  carrying  such  a  bloated  service 
and  support  staff  that  lopping  off  that  many  workers  won't  be  noticed  by  anyone 
other  than  the  poor  folks  left  without  paychecks.  If  that’s  the  case,  though,  com¬ 
pany  executives  are  going  to  owe  stockholders  an  explanation,  given  that  Earth- 
Link  has  been  bleeding  rivers  of  red  ink  for  years. 

You  might  think  that  the  company's  struggles  have  left  it  with  fewer  customers, 
and  therefore  a  natural  need  for  fewer  service  and  support  personnel.  You'd  be 
wrong,  though.  EarthLink  says  its  customer  base  is  going  nowhere  but  up. 

Maybe  the  company  has  deployed  the  latest  and  greatest  call-center  technol¬ 
ogy  diereby  increasing  efficiency  to  such  a  degree  that  those  bodies  are  no 
■o'Xjer  needed.  It’s  a  nice  story;  one  the  company  likely  would  be  telling  if  true. 


Or  perhaps  the  spokeswoman  just  meant  that  customers  would  see  a  seamless 
transition  from  good  service  to  self-service. 

The  incredibly  shrinking  A0L  Time  Warner 

The  day  their  merger  was  announced,  Jan.  10,  2000,  America  Online  and  Time 
Warner  boasted  a  combined  market  capitalization  of  $319  billion.  Last  Wednesday, 
AOLTime  Warner  not  only  confessed  to  a  mind-numbing  2002  loss  of  almost  $100 
billion,  but  was  left  with  a  net  worth  of  only  $62  billion.  While  it  might  seem  odd  to 
precede  a  number  as  large  as  $62  billion  with  the  word  only,  what  choice  is  there 
when  describing  a  company  that  has  kicked  away  80%  of  shareholder  value? 

So  is  it  any  wonder  that  AOL  Time  Warner  Vice  Chairman  Ted  Turner  last  week 
joined  former  company  honchos  Steve  Case,  Gerald  Levin  and  Robert  Pittman  in 
slinking  away  from  this  train  wreck? 

Whenever  these  supersized  merger  moguls  fall  —  as  most  do  —  it’s  amusing  to 
take  a  peek  at  the  press  archives  to  see  what  they  were  promising  back  when  the 
deal  was  announced.  As  expected,  most  of  the  AOLTime  Warner  blather  three 
years  back  centered  around  "leveraging”  this  and  “synergizing"  that. 

“By  joining  forces  with  Time  Warner,  we  will  fundamentally  change  the  way  peo¬ 
ple  get  information,  communicate  with  others,  buy  products  and  are  entertained," 
Case  vowed  back  then,  no  doubt  never  dreaming  that  the  fundamental  change 
would  include  his  hitting  the  bricks. 

But  my  favorite  quote  from  the  honeymoon  phase  was  uttered  by  Turner,  who 
described  the  rapture  he  experienced  in  casting  his  vote  —  then  9%  of  Time 
Warner's  stock  —  in  favor  of  the  merger. 

"The  excitement  with  which  I  did  that  matched  the  excitement  I  had  42  years  or 
so  ago,  when  I  first  made  love,"  Turner  said. 

Any  guesses  as  to  which  event  he'd  rather  forget  now? 

Don't  forget  to  write.  The  address  is  buzz@nww.com. 
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Lotus,  software 


EASIER  TO  MANAGE, 
SAVES  MONEY. 

SLAM  DUNK  FOR  THE 
NEW  LOTUS  NOTES. 


Introducing  Lotus  NotesVDomino ™  6.  It’s  the  easiest  to  manage,  most  cost-effective 
Notes/Domino  ever.  It  streamlines  administration,  frees  up  network  resources  and 
slashes  downtime.  Storage  costs  can  fall  by  up  to  15%.  Notes/Domino  6  has  unsurpassed 
power  and  control  for  managing  thousands  of  users.  Lotus,  part  of  the  software  team 
that  includes  WebSphere?  DB2®  and  Tivoli®  Take  a  test-drive  at  ibm.com/lotus/win 


(© business  is  the  game.  Play  to  win" 


reach 

AVAVA 

a  higher  plane 
of  communication 


SAY  THE  BUSIEST  CONTACT  CENTER  at 

Dollar  Rent  A  Car  crashes  and  is  fixed  remotely 

before  a  single  reservation  is  dropped.  Before 

anyone  at  Dollar  is  even  aware  of  a  problem. 

Did  a  problem  ever  exist?  In  the  state  of  Avaya, 

our  Expert  Systems5'  remote  monitoring  and 

maintenance  solutions  resolve  96%  of  all  alarms 

remotely.  Nobody  has  our  patented  leading-edge 

diagnostic  tools,  including  proactive  trouble 

resolution.  And  our  Avaya  Global  Services  pro¬ 
fessionals  bring  a  single  point  of  accountability 

to  multi-vendor  communication  environments. 

That’s  reassuring  when  your  company  runs  a 

fleet  of  140,000  rental  cars  at  400  worldwide 

locations,  with  a  reputation  for  superior  customer 

service.  See  why  no  one  else  comes  remotely 

close  to  maximizing  your  network  investment  at 

avaya.com/services.  Or  call  866-GO  AVAYA  today. 

IP  Telephony 

Contact  Centers 

Unified  Communication 

Services 

■  -N/V 


AVAYA  REMOTE  MONITORING  FIXES 

Dollar  Rent  A  Car's 

NETWORK  CRASH 

before  anyone  hears  an  alarm . 

Kind  like  that  tree  that  frails  in  the  frorest. 


